From 13382d02eab93e095cfa577113958bde6c32aa4a Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Nov 07 2011 21:18:33 +0000 Subject: Add more MCS fixes to make sandbox working Make faillog MLS trusted to make sudo_$1_t working Allow sandbox_web_client_t to read passwd_file_t Add .mailrc file context Remove execheap from openoffice domain Allow chrome_sandbox_nacl_t to read cpu_info Allow virtd to relabel generic usb which is need if USB device Fixes for virt.if interfaces to consider chr_file as image file type --- diff --git a/booleans-targeted.conf b/booleans-targeted.conf index 2477bd2..a6550d0 100644 --- a/booleans-targeted.conf +++ b/booleans-targeted.conf @@ -1,6 +1,6 @@ # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # -allow_execmem = false +deny_execmem = false # Allow making a modified private filemapping executable (text relocation). # diff --git a/modules-mls.conf b/modules-mls.conf index 1c6e4bf..a83ad89 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1893,13 +1893,6 @@ pads = module kerneloops = module # Layer: apps -# Module: openoffice -# -# openoffice executable -# -openoffice = module - -# Layer: apps # Module: podsleuth # # Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. diff --git a/modules-targeted.conf b/modules-targeted.conf index ddcda07..681bacb 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -829,13 +829,6 @@ i18n_input = off # jabber = module -# Layer: apps -# Module: execmem -# -# execmem executable -# -execmem = module - # Layer: admin # Module: kdump # @@ -2257,13 +2250,6 @@ pads = module kerneloops = module # Layer: apps -# Module: openoffice -# -# openoffice executable -# -openoffice = module - -# Layer: apps # Module: podsleuth # # Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. diff --git a/policy-F16.patch b/policy-F16.patch index 1873398..acd9272 100644 --- a/policy-F16.patch 
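Review bot: The description above the setting in booleans-targeted.conf still says "Allow making anonymous memory executable" while the boolean on the new side is `deny_execmem`, so the comment and the name now state opposite things. With the value kept at `false`, the line reads as "do not deny" where `allow_execmem = false` read as "do not allow". If the tunable is defined that way, the targeted default moves from blocking execmem to permitting it, and the commit message does not mention such a change. I would reword the comment to `# Deny making anonymous memory executable, e.g. for runtime-code generation or executable stack.` and confirm that `false` is the intended default.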
+++ b/policy-F16.patch @@ -211,10 +211,10 @@ index 4705ab6..262b5ba 100644 +gen_tunable(allow_console_login,false) + diff --git a/policy/mcs b/policy/mcs -index df8e0fa..6568d96 100644 +index df8e0fa..92b6177 100644 --- a/policy/mcs +++ b/policy/mcs -@@ -69,16 +69,28 @@ gen_levels(1,mcs_num_cats) +@@ -69,16 +69,32 @@ gen_levels(1,mcs_num_cats) # - /proc/pid operations are not constrained. mlsconstrain file { read ioctl lock execute execute_no_trans } @@ -237,17 +237,21 @@ index df8e0fa..6568d96 100644 + (( h1 dom h2 ) or ( t1 == mcswriteall ) or + (( t1 != mcsuntrustedproc ) and (t2 == domain))); + -+mlsconstrain { lnk_file chr_file blk_file sock_file fifo_file } { getattr read ioctl } ++mlsconstrain fifo_file { open } ++ (( h1 dom h2 ) or ( t1 == mcsreadall ) or ++ (( t1 != mcsuntrustedproc ) and ( t2 == domain ))); ++ ++mlsconstrain { lnk_file chr_file blk_file sock_file } { getattr read ioctl } + (( h1 dom h2 ) or ( t1 == mcsreadall ) or + (( t1 != mcsuntrustedproc ) and (t2 == domain))); + -+mlsconstrain { lnk_file chr_file blk_file sock_file fifo_file } { write setattr } ++mlsconstrain { lnk_file chr_file blk_file sock_file } { write setattr } + (( h1 dom h2 ) or ( t1 == mcswriteall ) or + (( t1 != mcsuntrustedproc ) and (t2 == domain))); # New filesystem object labels must be dominated by the relabeling subject # clearance, also the objects are single-level. -@@ -101,6 +113,9 @@ mlsconstrain process { ptrace } +@@ -101,6 +117,9 @@ mlsconstrain process { ptrace } mlsconstrain process { sigkill sigstop } (( h1 dom h2 ) or ( t1 == mcskillall )); @@ -257,7 +261,7 @@ index df8e0fa..6568d96 100644 # # MCS policy for SELinux-enabled databases # -@@ -144,4 +159,21 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute } +@@ -144,4 +163,21 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute } mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export } ( h1 dom h2 ); 
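Review bot: The added `mlsconstrain fifo_file { open }` rule in policy/mcs carries no comment, and in the same hunk fifo_file is dropped from the two class lists that follow, so in the lines visible here only open stays under a category constraint for FIFOs. That looks deliberate (presumably so pipes handed to a sandboxed process keep working), but it relaxes MCS separation and deserves a line such as `# FIFOs: constrain open only, so inherited or passed pipe descriptors stay usable across categories`. The exemption attribute in the new rule is `mcsreadall` even though open also covers opening for write; please confirm whether `mcswriteall` should be checked as well.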
@@ -4847,10 +4851,10 @@ index 0000000..1553356 +') diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te new file mode 100644 -index 0000000..859eb9f +index 0000000..28cfa1d --- /dev/null +++ b/policy/modules/apps/chrome.te -@@ -0,0 +1,177 @@ +@@ -0,0 +1,178 @@ +policy_module(chrome,1.0.0) + +######################################## @@ -5017,6 +5021,7 @@ index 0000000..859eb9f +kernel_read_system_state(chrome_sandbox_nacl_t) + +dev_read_urand(chrome_sandbox_nacl_t) ++dev_read_sysfs(chrome_sandbox_nacl_t) + +files_read_etc_files(chrome_sandbox_nacl_t) + @@ -9517,7 +9522,7 @@ index 0000000..4428be4 + diff --git a/policy/modules/apps/openoffice.if b/policy/modules/apps/openoffice.if new file mode 100644 -index 0000000..d1d471e +index 0000000..0578e7c --- /dev/null +++ b/policy/modules/apps/openoffice.if @@ -0,0 +1,124 @@ @@ -9590,7 +9595,7 @@ index 0000000..d1d471e + userdom_unpriv_usertype($1, $1_openoffice_t) + userdom_exec_user_home_content_files($1_openoffice_t) + -+ allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack }; ++ allow $1_openoffice_t self:process { getsched sigkill execmem execstack }; + + allow $3 $1_openoffice_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh }; + allow $1_openoffice_t $3:tcp_socket { read write }; @@ -10483,10 +10488,10 @@ index 0000000..809784d +') diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te new file mode 100644 -index 0000000..e9d2bc3 +index 0000000..5e75113 --- /dev/null +++ b/policy/modules/apps/sandbox.te -@@ -0,0 +1,484 @@ +@@ -0,0 +1,488 @@ +policy_module(sandbox,1.0.0) +dbus_stub() +attribute sandbox_domain; 
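Review bot: `dev_read_sysfs(chrome_sandbox_nacl_t)` is added to chrome.te without a comment, and the commit message gives the reason only as reading cpu_info. Judging by its name, the interface covers sysfs in general rather than the CPU entries alone, which is a wide read grant for a sandbox domain. I would record the reason next to the call, e.g. `# NaCl helper reads CPU information from sysfs`, so the rule can be narrowed later.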
@@ -10840,6 +10845,8 @@ index 0000000..e9d2bc3 +# +typeattribute sandbox_web_client_t sandbox_web_type; + ++auth_use_nsswitch(sandbox_web_client_t) ++ +allow sandbox_web_type self:capability { setuid setgid }; +allow sandbox_web_type self:netlink_audit_socket nlmsg_relay; +dontaudit sandbox_web_type self:process setrlimit; @@ -10965,6 +10972,8 @@ index 0000000..e9d2bc3 +corenet_tcp_connect_all_ports(sandbox_net_client_t) +corenet_sendrecv_all_client_packets(sandbox_net_client_t) + ++auth_use_nsswitch(sandbox_net_client_t) ++ +optional_policy(` + mozilla_dontaudit_rw_user_home_files(sandbox_x_t) + mozilla_dontaudit_rw_user_home_files(sandbox_xserver_t) @@ -14450,7 +14459,7 @@ index 6cf8784..12bd6fc 100644 +# +/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if -index f820f3b..c2a334f 100644 +index f820f3b..39b1056 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -146,14 +146,33 @@ interface(`dev_relabel_all_dev_nodes',` @@ -15051,7 +15060,32 @@ index f820f3b..c2a334f 100644 ## Getattr generic the USB devices. ## ## -@@ -4495,6 +4805,24 @@ interface(`dev_rw_vhost',` +@@ -4103,6 +4413,24 @@ interface(`dev_setattr_generic_usb_dev',` + setattr_chr_files_pattern($1, device_t, usb_device_t) + ') + ++###################################### ++## ++## Allow relabeling (to and from) of generic usb device ++## ++## ++## ++## Domain allowed to relabel. ++## ++## ++# ++interface(`dev_relabel_generic_usb_dev',` ++ gen_require(` ++ type usb_device_t; ++ ') ++ ++ relabel_dirs_pattern($1, usb_device_t, usb_device_t) ++') ++ + ######################################## + ## + ## Read generic the USB devices. +@@ -4495,6 +4823,24 @@ interface(`dev_rw_vhost',` ######################################## ## 
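Review bot: The commit message describes this as letting sandbox_web_client_t read passwd_file_t, but the line added to sandbox.te is `auth_use_nsswitch(sandbox_web_client_t)`, and a later hunk adds the same call for sandbox_net_client_t, which the message does not mention. As far as I know, auth_use_nsswitch grants the whole name-service lookup path rather than passwd reads alone, so the sandbox domains receive more than the stated goal. If only passwd lookups are needed, a grant limited to passwd_file_t would fit better; otherwise add a why-comment at both call sites, e.g. `# needed for passwd lookups inside the sandbox`.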
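Review bot: The new `dev_relabel_generic_usb_dev` interface in devices.if is documented as relabeling a generic usb device, but its body is `relabel_dirs_pattern($1, usb_device_t, usb_device_t)`, which by its name grants the relabel permissions on directories. The sibling interface just above it uses `setattr_chr_files_pattern($1, device_t, usb_device_t)`, i.e. character files inside device_t directories, so the new rule may not cover the device nodes that the virtd_t caller added in virt.te needs to relabel. I would expect `relabel_chr_files_pattern($1, device_t, usb_device_t)` here, or a comment explaining why the directory class is the intended target.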
@@ -15076,7 +15110,7 @@ index f820f3b..c2a334f 100644 ## Read and write VMWare devices. ## ## -@@ -4695,6 +5023,26 @@ interface(`dev_rw_xserver_misc',` +@@ -4695,6 +5041,26 @@ interface(`dev_rw_xserver_misc',` ######################################## ## @@ -15103,7 +15137,7 @@ index f820f3b..c2a334f 100644 ## Read and write to the zero device (/dev/zero). ## ## -@@ -4784,3 +5132,812 @@ interface(`dev_unconfined',` +@@ -4784,3 +5150,812 @@ interface(`dev_unconfined',` typeattribute $1 devices_unconfined_type; ') @@ -43735,22 +43769,24 @@ index 7f68872..e4ac35e 100644 + xserver_dontaudit_read_xdm_pid(mpd_t) +') diff --git a/policy/modules/services/mta.fc b/policy/modules/services/mta.fc -index 256166a..6321a93 100644 +index 256166a..2320c87 100644 --- a/policy/modules/services/mta.fc +++ b/policy/modules/services/mta.fc -@@ -1,4 +1,5 @@ +@@ -1,4 +1,6 @@ -HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0) +HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) +HOME_DIR/dead.letter -- gen_context(system_u:object_r:mail_home_t,s0) ++HOME_DIR/.mailrc -- gen_context(system_u:object_r:mail_home_t,s0) /bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) -@@ -11,20 +12,24 @@ ifdef(`distro_redhat',` +@@ -11,20 +13,25 @@ ifdef(`distro_redhat',` /etc/postfix/aliases.* gen_context(system_u:object_r:etc_aliases_t,s0) ') -+/root/\.forward -- gen_context(system_u:object_r:mail_home_t,s0) ++/root/\.forward -- gen_context(system_u:object_r:mail_home_t,s0) +/root/dead.letter -- gen_context(system_u:object_r:mail_home_t,s0) ++/root/.mailrc -- gen_context(system_u:object_r:mail_home_t,s0) + /usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0) @@ -43776,7 +43812,7 @@ index 256166a..6321a93 100644 +/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0) /var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) 
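Review bot: The two new mta.fc entries, `HOME_DIR/.mailrc` and `/root/.mailrc`, leave the dot unescaped, while the neighbouring `HOME_DIR/\.forward[^/]*` and `/root/\.forward` escape it. File-context paths are regular expressions, so the unescaped dot matches any character and a file such as `Xmailrc` in a home directory would also be labelled mail_home_t. I would write them as `HOME_DIR/\.mailrc` and `/root/\.mailrc` to match the existing style. The `dead.letter` entries have the same issue.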
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if -index 343cee3..e261101 100644 +index 343cee3..e5519fd 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -37,9 +37,9 @@ interface(`mta_stub',` @@ -44106,7 +44142,7 @@ index 343cee3..e261101 100644 ## Read sendmail binary. ## ## -@@ -899,3 +1015,112 @@ interface(`mta_rw_user_mail_stream_sockets',` +@@ -899,3 +1015,114 @@ interface(`mta_rw_user_mail_stream_sockets',` allow $1 user_mail_domain:unix_stream_socket rw_socket_perms; ') @@ -44175,6 +44211,7 @@ index 343cee3..e261101 100644 + ') + + userdom_admin_home_dir_filetrans($1, mail_home_t, file, "dead.letter") ++ userdom_admin_home_dir_filetrans($1, mail_home_t, file, ".mailrc") + userdom_admin_home_dir_filetrans($1, mail_home_t, file, ".forward") +') + @@ -44193,6 +44230,7 @@ index 343cee3..e261101 100644 + type mail_home_t; + ') + ++ userdom_user_home_dir_filetrans($1, mail_home_t, file, ".mailrc") + userdom_user_home_dir_filetrans($1, mail_home_t, file, "dead.letter") + userdom_user_home_dir_filetrans($1, mail_home_t, file, ".forward") +') @@ -61526,7 +61564,7 @@ index 7c5d8d8..fc6beb9 100644 +') + diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te -index 3eca020..f9a032d 100644 +index 3eca020..54e53fb 100644 --- a/policy/modules/services/virt.te +++ b/policy/modules/services/virt.te @@ -5,56 +5,81 @@ policy_module(virt, 1.4.0) @@ -61857,7 +61895,7 @@ index 3eca020..f9a032d 100644 kernel_request_load_module(virtd_t) kernel_search_debugfs(virtd_t) -@@ -239,22 +346,31 @@ corenet_tcp_connect_soundd_port(virtd_t) +@@ -239,22 +346,33 @@ corenet_tcp_connect_soundd_port(virtd_t) corenet_rw_tun_tap_dev(virtd_t) dev_rw_sysfs(virtd_t) 
@@ -61867,6 +61905,8 @@ index 3eca020..f9a032d 100644 dev_getattr_all_chr_files(virtd_t) dev_rw_mtrr(virtd_t) +dev_rw_vhost(virtd_t) ++dev_setattr_generic_usb_dev(virtd_t) ++dev_relabel_generic_usb_dev(virtd_t) # Init script handling domain_use_interactive_fds(virtd_t) @@ -61890,7 +61930,7 @@ index 3eca020..f9a032d 100644 fs_list_auto_mountpoints(virtd_t) fs_getattr_xattr_fs(virtd_t) -@@ -262,6 +378,18 @@ fs_rw_anon_inodefs_files(virtd_t) +@@ -262,6 +380,18 @@ fs_rw_anon_inodefs_files(virtd_t) fs_list_inotifyfs(virtd_t) fs_manage_cgroup_dirs(virtd_t) fs_rw_cgroup_files(virtd_t) @@ -61909,7 +61949,7 @@ index 3eca020..f9a032d 100644 mcs_process_set_categories(virtd_t) -@@ -285,16 +413,30 @@ modutils_read_module_config(virtd_t) +@@ -285,16 +415,30 @@ modutils_read_module_config(virtd_t) modutils_manage_module_config(virtd_t) logging_send_syslog_msg(virtd_t) @@ -61940,7 +61980,7 @@ index 3eca020..f9a032d 100644 tunable_policy(`virt_use_nfs',` fs_manage_nfs_dirs(virtd_t) -@@ -313,6 +455,10 @@ optional_policy(` +@@ -313,6 +457,10 @@ optional_policy(` ') optional_policy(` @@ -61951,7 +61991,7 @@ index 3eca020..f9a032d 100644 dbus_system_bus_client(virtd_t) optional_policy(` -@@ -329,16 +475,23 @@ optional_policy(` +@@ -329,16 +477,23 @@ optional_policy(` ') optional_policy(` @@ -61975,7 +62015,7 @@ index 3eca020..f9a032d 100644 # Manages /etc/sysconfig/system-config-firewall iptables_manage_config(virtd_t) -@@ -360,11 +513,11 @@ optional_policy(` +@@ -360,11 +515,11 @@ optional_policy(` ') optional_policy(` @@ -61992,7 +62032,7 @@ index 3eca020..f9a032d 100644 ') optional_policy(` -@@ -394,20 +547,36 @@ optional_policy(` +@@ -394,20 +549,36 @@ optional_policy(` # virtual domains common policy # 
@@ -62032,7 +62072,7 @@ index 3eca020..f9a032d 100644 corecmd_exec_bin(virt_domain) corecmd_exec_shell(virt_domain) -@@ -418,10 +587,11 @@ corenet_tcp_sendrecv_generic_node(virt_domain) +@@ -418,10 +589,11 @@ corenet_tcp_sendrecv_generic_node(virt_domain) corenet_tcp_sendrecv_all_ports(virt_domain) corenet_tcp_bind_generic_node(virt_domain) corenet_tcp_bind_vnc_port(virt_domain) @@ -62045,7 +62085,7 @@ index 3eca020..f9a032d 100644 dev_read_rand(virt_domain) dev_read_sound(virt_domain) dev_read_urand(virt_domain) -@@ -429,10 +599,12 @@ dev_write_sound(virt_domain) +@@ -429,10 +601,12 @@ dev_write_sound(virt_domain) dev_rw_ksm(virt_domain) dev_rw_kvm(virt_domain) dev_rw_qemu(virt_domain) @@ -62058,7 +62098,7 @@ index 3eca020..f9a032d 100644 files_read_usr_files(virt_domain) files_read_var_files(virt_domain) files_search_all(virt_domain) -@@ -440,25 +612,367 @@ files_search_all(virt_domain) +@@ -440,25 +614,367 @@ files_search_all(virt_domain) fs_getattr_tmpfs(virt_domain) fs_rw_anon_inodefs_files(virt_domain) fs_rw_tmpfs_files(virt_domain) @@ -66055,7 +66095,7 @@ index 73554ec..6a25dd6 100644 + logging_log_named_filetrans($1, wtmp_t, file, "wtmp") +') diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te -index b7a5f00..2c39af1 100644 +index b7a5f00..7edafde 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -5,9 +5,25 @@ policy_module(authlogin, 2.2.1) @@ -66084,7 +66124,15 @@ index b7a5f00..2c39af1 100644 type auth_cache_t; logging_log_file(auth_cache_t) -@@ -100,6 +116,8 @@ dev_read_urand(chkpwd_t) +@@ -21,6 +37,7 @@ role system_r types chkpwd_t; + + type faillog_t; + logging_log_file(faillog_t) ++mls_trusted_object(faillog_t) + + type lastlog_t; + logging_log_file(lastlog_t) +@@ -100,6 +117,8 @@ dev_read_urand(chkpwd_t) files_read_etc_files(chkpwd_t) # for nscd files_dontaudit_search_var(chkpwd_t) 
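Review bot: `mls_trusted_object(faillog_t)` is added to authlogin.te with no comment, and the only rationale is the commit-message line about making sudo_$1_t work. Marking the type as a trusted object takes faillog out of MLS level separation, so every level that type enforcement lets reach the file can read or write it, which makes the file a potential cross-level channel. I would state the reason at the declaration, e.g. `# sudo updates faillog from any level, so MLS constraints must not apply`, and check that the domains with write access to faillog_t are limited to the authentication programs.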
@@ -66093,7 +66141,7 @@ index b7a5f00..2c39af1 100644 fs_dontaudit_getattr_xattr_fs(chkpwd_t) -@@ -118,7 +136,7 @@ miscfiles_read_localization(chkpwd_t) +@@ -118,7 +137,7 @@ miscfiles_read_localization(chkpwd_t) seutil_read_config(chkpwd_t) seutil_dontaudit_use_newrole_fds(chkpwd_t) @@ -66102,7 +66150,7 @@ index b7a5f00..2c39af1 100644 ifdef(`distro_ubuntu',` optional_policy(` -@@ -343,7 +361,7 @@ logging_send_syslog_msg(updpwd_t) +@@ -343,7 +362,7 @@ logging_send_syslog_msg(updpwd_t) miscfiles_read_localization(updpwd_t) @@ -66111,7 +66159,7 @@ index b7a5f00..2c39af1 100644 ifdef(`distro_ubuntu',` optional_policy(` -@@ -371,13 +389,15 @@ term_dontaudit_use_all_ttys(utempter_t) +@@ -371,13 +390,15 @@ term_dontaudit_use_all_ttys(utempter_t) term_dontaudit_use_all_ptys(utempter_t) term_dontaudit_use_ptmx(utempter_t) @@ -66128,7 +66176,7 @@ index b7a5f00..2c39af1 100644 # Allow utemper to write to /tmp/.xses-* userdom_write_user_tmp_files(utempter_t) -@@ -388,10 +408,71 @@ ifdef(`distro_ubuntu',` +@@ -388,10 +409,71 @@ ifdef(`distro_ubuntu',` ') optional_policy(` @@ -66353,7 +66401,7 @@ index a97a096..ab1e16a 100644 /usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0) /usr/bin/scsi_unique_id -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te -index c28da1c..38390f5 100644 +index c28da1c..10bc43c 100644 --- a/policy/modules/system/fstools.te +++ b/policy/modules/system/fstools.te @@ -44,6 +44,8 @@ can_exec(fsadm_t, fsadm_exec_t) @@ -66374,7 +66422,7 @@ index c28da1c..38390f5 100644 # Write to /etc/mtab. files_manage_etc_runtime_files(fsadm_t) files_etc_filetrans_etc_runtime(fsadm_t, file) -@@ -120,6 +124,9 @@ fs_list_auto_mountpoints(fsadm_t) +@@ -120,11 +124,16 @@ fs_list_auto_mountpoints(fsadm_t) fs_search_tmpfs(fsadm_t) fs_getattr_tmpfs_dirs(fsadm_t) fs_read_tmpfs_symlinks(fsadm_t) 
@@ -66384,7 +66432,14 @@ index c28da1c..38390f5 100644 # Recreate /mnt/cdrom. files_manage_mnt_dirs(fsadm_t) # for tune2fs -@@ -133,10 +140,12 @@ storage_raw_write_fixed_disk(fsadm_t) + files_search_all(fsadm_t) + ++mcs_file_read_all(fsadm_t) ++ + mls_file_read_all_levels(fsadm_t) + mls_file_write_all_levels(fsadm_t) + +@@ -133,10 +142,12 @@ storage_raw_write_fixed_disk(fsadm_t) storage_raw_read_removable_device(fsadm_t) storage_raw_write_removable_device(fsadm_t) storage_read_scsi_generic(fsadm_t) @@ -66397,7 +66452,7 @@ index c28da1c..38390f5 100644 init_use_fds(fsadm_t) init_use_script_ptys(fsadm_t) init_dontaudit_getattr_initctl(fsadm_t) -@@ -147,7 +156,7 @@ miscfiles_read_localization(fsadm_t) +@@ -147,7 +158,7 @@ miscfiles_read_localization(fsadm_t) seutil_read_config(fsadm_t) @@ -66406,7 +66461,7 @@ index c28da1c..38390f5 100644 ifdef(`distro_redhat',` optional_policy(` -@@ -166,6 +175,11 @@ optional_policy(` +@@ -166,6 +177,11 @@ optional_policy(` ') optional_policy(` @@ -66418,7 +66473,7 @@ index c28da1c..38390f5 100644 hal_dontaudit_write_log(fsadm_t) ') -@@ -192,6 +206,10 @@ optional_policy(` +@@ -192,6 +208,10 @@ optional_policy(` ') optional_policy(` @@ -67508,7 +67563,7 @@ index 94fd8dd..b5e5c70 100644 + read_fifo_files_pattern($1, init_var_run_t, init_var_run_t) +') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index 29a9565..cbf2f02 100644 +index 29a9565..7752aa1 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -16,6 +16,34 @@ gen_require(` @@ -67614,7 +67669,8 @@ index 29a9565..cbf2f02 100644 corecmd_exec_chroot(init_t) corecmd_exec_bin(init_t) - dev_read_sysfs(init_t) +-dev_read_sysfs(init_t) ++dev_rw_sysfs(init_t) +dev_read_urand(init_t) # Early devtmpfs dev_rw_generic_chr_files(init_t) diff --git a/ptrace.patch b/ptrace.patch index 01d3d72..a3d3ca6 100644 --- a/ptrace.patch +++ b/ptrace.patch 
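Review bot: `mcs_file_read_all(fsadm_t)` in fstools.te widens a domain's access without a comment or any mention in the commit message, and the later init.te hunk does the same by replacing `dev_read_sysfs(init_t)` with `dev_rw_sysfs(init_t)`. The first exempts fsadm_t from the MCS read constraints on files; the second moves init_t from reading sysfs to writing it. Neither has a stated reason a reviewer can check against the least-privilege goal of the policy. I would add a why-comment at each call, e.g. `# fsck/mkfs must read files at any category` and `# init writes sysfs entries during early boot`, adjusted to the real reason, and list both changes in the commit message.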
@@ -1,6 +1,6 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/policy/global_tunables ---- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-11-04 16:32:07.055065168 -0400 -+++ serefpolicy-3.10.0/policy/global_tunables 2011-11-04 16:32:07.756066508 -0400 +--- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-11-07 16:15:26.982367527 -0500 ++++ serefpolicy-3.10.0/policy/global_tunables 2011-11-07 16:15:27.555367746 -0500 @@ -6,6 +6,13 @@ ## @@ -16,8 +16,8 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/pol ##

##
diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kdump.if ---- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-11-04 16:32:07.074065202 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-11-04 16:32:07.756066508 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-11-07 16:15:26.997367533 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-11-07 16:15:27.556367746 -0500 @@ -140,8 +140,11 @@ interface(`kdump_admin',` type kdump_initrc_exec_t; ') @@ -33,7 +33,7 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.1 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kismet.if --- serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-11-04 16:32:07.757066511 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-11-07 16:15:27.556367746 -0500 @@ -239,7 +239,10 @@ interface(`kismet_admin',` ') @@ -47,8 +47,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3. kismet_manage_pid_files($1) kismet_manage_lib($1) diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.10.0/policy/modules/admin/kudzu.te ---- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-11-04 16:32:07.077065210 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-11-04 16:32:07.758066513 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-11-07 16:15:26.999367533 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-11-07 16:15:27.557367747 -0500 @@ -20,7 +20,7 @@ files_pid_file(kudzu_var_run_t) # Local policy # 
@@ -59,8 +59,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.1 allow kudzu_t self:process { signal_perms execmem }; allow kudzu_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy-3.10.0/policy/modules/admin/logrotate.te ---- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-11-04 16:32:07.077065210 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-11-04 16:32:07.759066514 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-11-07 16:15:26.999367533 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-11-07 16:15:27.558367748 -0500 @@ -30,8 +30,6 @@ files_type(logrotate_var_lib_t) # Change ownership on log files. @@ -71,8 +71,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3.10.0/policy/modules/admin/ncftool.te ---- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-11-04 16:32:07.082065219 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-11-04 16:32:07.759066514 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-11-07 16:15:27.003367535 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-11-07 16:15:27.559367749 -0500 @@ -17,8 +17,7 @@ role system_r types ncftool_t; # ncftool local policy # 
@@ -84,8 +84,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3 allow ncftool_t self:fifo_file manage_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te ---- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-11-04 16:32:07.716066432 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-04 16:32:07.760066516 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-11-07 16:15:27.521367733 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-07 16:15:27.560367749 -0500 @@ -250,7 +250,8 @@ optional_policy(` # rpm-script Local policy # @@ -97,8 +97,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10. allow rpm_script_t self:fd use; allow rpm_script_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sectoolm.te ---- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-11-04 16:32:07.102065257 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-11-04 16:32:07.761066518 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-11-07 16:15:27.018367540 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-11-07 16:15:27.561367749 -0500 @@ -23,7 +23,7 @@ files_tmp_file(sectool_tmp_t) # sectool local policy # 
@@ -109,8 +109,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy- dontaudit sectoolm_t self:process { execstack execmem }; allow sectoolm_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.if ---- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-11-04 16:32:07.103065259 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-11-04 16:32:07.762066520 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-11-07 16:15:27.018367540 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-11-07 16:15:27.562367749 -0500 @@ -139,8 +139,11 @@ interface(`shorewall_admin',` type shorewall_tmp_t, shorewall_etc_t; ') @@ -125,8 +125,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy init_labeled_script_domtrans($1, shorewall_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.te ---- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-11-04 16:32:07.104065261 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-11-04 16:32:07.762066520 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-11-07 16:15:27.019367540 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-11-07 16:15:27.563367750 -0500 @@ -37,7 +37,7 @@ logging_log_file(shorewall_log_t) # shorewall local policy # 
@@ -137,8 +137,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy allow shorewall_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sosreport.te ---- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-11-04 16:32:07.108065268 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-11-04 16:32:07.763066522 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-11-07 16:15:27.022367543 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-11-07 16:15:27.563367750 -0500 @@ -21,7 +21,7 @@ files_tmpfs_file(sosreport_tmpfs_t) # sosreport local policy # @@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy allow sosreport_t self:fifo_file rw_fifo_file_perms; allow sosreport_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolicy-3.10.0/policy/modules/admin/usermanage.te ---- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-11-04 16:32:07.689066381 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-11-04 16:32:07.764066524 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-11-07 16:15:27.501367726 -0500 ++++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-11-07 16:15:27.564367750 -0500 @@ -439,7 +439,8 @@ optional_policy(` # Useradd local policy # 
@@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolic allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow useradd_t self:process setfscreate; diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.10.0/policy/modules/apps/chrome.te ---- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-11-04 16:32:07.123065298 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-11-04 16:32:07.765066525 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-11-07 16:15:27.035367548 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-11-07 16:15:27.565367750 -0500 @@ -26,7 +26,7 @@ role system_r types chrome_sandbox_nacl_ # # chrome_sandbox local policy 
@@ -173,10 +173,21 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.1 allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack }; allow chrome_sandbox_t self:process setsched; allow chrome_sandbox_t self:fifo_file manage_file_perms; -diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.10.0/policy/modules/apps/execmem.if +diff -up serefpolicy-3.10.0/policy/modules/apps/cpufreqselector.te.ptrace serefpolicy-3.10.0/policy/modules/apps/cpufreqselector.te +--- serefpolicy-3.10.0/policy/modules/apps/cpufreqselector.te.ptrace 2011-11-07 16:15:27.035367548 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/cpufreqselector.te 2011-11-07 16:15:27.566367750 -0500 +@@ -14,7 +14,7 @@ application_domain(cpufreqselector_t, cp + # cpufreq-selector local policy + # + +-allow cpufreqselector_t self:capability { sys_nice sys_ptrace }; ++allow cpufreqselector_t self:capability sys_nice; + allow cpufreqselector_t self:process getsched; + allow cpufreqselector_t self:fifo_file rw_fifo_file_perms; + allow cpufreqselector_t self:process getsched; diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10.0/policy/modules/apps/gnome.if ---- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-11-04 16:32:07.131065312 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-11-04 16:32:07.769066534 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-11-07 16:15:27.041367549 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-11-07 16:15:27.567367751 -0500 @@ -91,8 +91,7 @@ interface(`gnome_role_gkeyringd',` auth_use_nsswitch($1_gkeyringd_t) 
@@ -187,9 +198,30 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10 dontaudit $3 gkeyringd_exec_t:file entrypoint; stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t) +diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.te.ptrace serefpolicy-3.10.0/policy/modules/apps/gnome.te +--- serefpolicy-3.10.0/policy/modules/apps/gnome.te.ptrace 2011-11-07 16:15:27.042367550 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/gnome.te 2011-11-07 16:15:27.568367752 -0500 +@@ -119,7 +119,7 @@ optional_policy(` + # gconf-defaults-mechanisms local policy + # + +-allow gconfdefaultsm_t self:capability { dac_override sys_nice sys_ptrace }; ++allow gconfdefaultsm_t self:capability { dac_override sys_nice }; + allow gconfdefaultsm_t self:process getsched; + allow gconfdefaultsm_t self:fifo_file rw_fifo_file_perms; + +@@ -168,7 +168,7 @@ tunable_policy(`use_samba_home_dirs',` + # gnome-system-monitor-mechanisms local policy + # + +-allow gnomesystemmm_t self:capability { sys_nice sys_ptrace }; ++allow gnomesystemmm_t self:capability sys_nice; + allow gnomesystemmm_t self:fifo_file rw_fifo_file_perms; + + kernel_read_system_state(gnomesystemmm_t) diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0/policy/modules/apps/irc.if ---- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-11-04 16:32:07.136065322 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-11-04 16:32:07.770066536 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-11-07 16:15:27.045367551 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-11-07 16:15:27.569367753 -0500 @@ -33,7 +33,7 @@ interface(`irc_role',` domtrans_pattern($2, irssi_exec_t, irssi_t) 
@@ -199,10 +231,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0 ps_process_pattern($2, irssi_t) manage_dirs_pattern($2, irssi_home_t, irssi_home_t) -diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.0/policy/modules/apps/java.if diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0/policy/modules/apps/kde.te ---- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-11-04 16:32:07.140065330 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-11-04 16:32:07.772066539 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-11-07 16:15:27.049367553 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-11-07 16:15:27.569367753 -0500 @@ -13,9 +13,6 @@ dbus_system_domain(kdebacklighthelper_t, # # backlighthelper local policy @@ -214,8 +245,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0 kernel_read_system_state(kdebacklighthelper_t) diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.10.0/policy/modules/apps/livecd.te ---- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-11-04 16:32:07.142065333 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-11-04 16:32:07.773066541 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-11-07 16:15:27.051367553 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-11-07 16:15:27.570367753 -0500 @@ -20,7 +20,10 @@ files_tmp_file(livecd_tmp_t) dontaudit livecd_t self:capability2 mac_admin; 
@@ -229,8 +260,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.1 manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.if ---- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-11-04 16:32:07.145065339 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-11-04 16:32:07.773066541 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-11-07 16:15:27.053367553 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-11-07 16:15:27.570367753 -0500 @@ -40,8 +40,8 @@ template(`mono_role_template',` domain_interactive_fd($1_mono_t) application_type($1_mono_t) @@ -244,7 +275,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10. diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.te --- serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-11-04 16:32:07.774066543 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-11-07 16:15:27.571367753 -0500 @@ -15,7 +15,7 @@ init_system_domain(mono_t, mono_exec_t) # Local policy # @@ -255,8 +286,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10. init_dbus_chat_script(mono_t) diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.if ---- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-11-04 16:32:07.146065342 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-11-04 16:32:07.775066545 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-11-07 16:15:27.055367555 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-11-07 16:15:27.572367753 -0500 
@@ -221,7 +221,7 @@ interface(`mozilla_domtrans_plugin',` allow mozilla_plugin_t $1:sem create_sem_perms; @@ -267,8 +298,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.te ---- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-11-04 16:32:07.720066438 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-04 16:32:07.776066546 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-11-07 16:15:27.524367735 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-07 16:15:27.573367753 -0500 @@ -301,7 +301,7 @@ optional_policy(` # mozilla_plugin local policy # @@ -279,8 +310,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3. allow mozilla_plugin_t self:process { setsched signal_perms execmem }; allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.if ---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-11-04 16:32:07.152065353 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-11-04 16:32:07.777066547 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-11-07 16:15:27.059367556 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-11-07 16:15:27.573367753 -0500 @@ -93,7 +93,7 @@ ifdef(`hide_broken_symptoms', ` dontaudit nsplugin_t $2:shm destroy; allow $2 nsplugin_t:sem rw_sem_perms; 
@@ -291,8 +322,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3 # Connect to pulseaudit server diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.te ---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-11-04 16:32:07.153065355 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-11-04 16:32:07.778066549 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-11-07 16:15:27.060367557 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-11-07 16:15:27.574367753 -0500 @@ -54,7 +54,7 @@ application_executable_file(nsplugin_con # dontaudit nsplugin_t self:capability { sys_nice sys_tty_config }; @@ -303,11 +334,11 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3 allow nsplugin_t self:sem create_sem_perms; allow nsplugin_t self:shm create_shm_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy-3.10.0/policy/modules/apps/openoffice.if ---- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-11-04 16:32:07.154065356 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-11-04 16:32:07.779066552 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-11-07 16:15:27.000000000 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-11-07 16:16:09.397383796 -0500 @@ -69,7 +69,7 @@ interface(`openoffice_role_template',` - allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack }; + allow $1_openoffice_t self:process { getsched sigkill execmem execstack }; - allow $3 $1_openoffice_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh }; + allow $3 $1_openoffice_t:process { getattr signal_perms noatsecure siginh rlimitinh }; 
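Review bot: The new context line `allow $1_openoffice_t self:process { getsched sigkill execmem execstack };` in the openoffice.if section removes only `execheap`; `execmem` and `execstack` remain, so the domain can still make writable memory and its stack executable. If both are still required, the rule should say so, for example `# execmem/execstack still needed by <component>; execheap removed`, so a later reviewer knows they were kept deliberately and not overlooked. If they are not required, removing them in the same change would tighten the domain further. The body of `openoffice_role_template` starts and ends outside the hunk, so other rules in the template may also be relevant.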
@@ -315,8 +346,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t) diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-3.10.0/policy/modules/apps/podsleuth.te ---- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-11-04 16:32:07.721066440 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-04 16:32:07.780066555 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-11-07 16:15:27.525367736 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-07 16:15:27.575367754 -0500 @@ -27,7 +27,8 @@ ubac_constrained(podsleuth_tmpfs_t) # podsleuth local policy # @@ -329,7 +360,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy- allow podsleuth_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.if --- serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-11-04 16:32:07.780066555 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-11-07 16:15:27.576367755 -0500 @@ -31,9 +31,9 @@ interface(`uml_role',` allow $2 uml_t:unix_dgram_socket sendto; allow uml_t $2:unix_dgram_socket sendto; 
@@ -343,8 +374,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0 allow $2 uml_ro_t:dir list_dir_perms; read_files_pattern($2, uml_ro_t, uml_ro_t) diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.te ---- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-11-04 16:32:07.170065388 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-11-04 16:32:07.781066557 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-11-07 16:15:27.075367563 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-11-07 16:15:27.577367756 -0500 @@ -53,7 +53,7 @@ files_pid_file(uml_switch_var_run_t) # 
@@ -354,9 +385,21 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0 allow uml_t self:unix_stream_socket create_stream_socket_perms; allow uml_t self:unix_dgram_socket create_socket_perms; # Use the network. +diff -up serefpolicy-3.10.0/policy/modules/apps/vmware.te.ptrace serefpolicy-3.10.0/policy/modules/apps/vmware.te +--- serefpolicy-3.10.0/policy/modules/apps/vmware.te.ptrace 2011-11-07 16:15:27.079367563 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/vmware.te 2011-11-07 16:15:27.577367756 -0500 +@@ -72,7 +72,7 @@ ifdef(`enable_mcs',` + # VMWare host local policy + # + +-allow vmware_host_t self:capability { setgid setuid net_raw sys_nice sys_time sys_ptrace kill dac_override }; ++allow vmware_host_t self:capability { setgid setuid net_raw sys_nice sys_time kill dac_override }; + dontaudit vmware_host_t self:capability sys_tty_config; + allow vmware_host_t self:process { execstack execmem signal_perms }; + allow vmware_host_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.0/policy/modules/apps/wine.if ---- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-11-04 16:32:07.178065401 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-11-04 16:32:07.782066558 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-11-07 16:15:27.081367565 -0500 ++++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-11-07 16:15:27.578367756 -0500 @@ -100,7 +100,7 @@ template(`wine_role_template',` role $2 types $1_wine_t; 
@@ -367,8 +410,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10. corecmd_bin_domtrans($1_wine_t, $1_t) diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/domain.te ---- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-11-04 16:32:07.196065437 -0400 -+++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-11-04 16:32:07.783066560 -0400 +--- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-11-07 16:15:27.097367571 -0500 ++++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-11-07 16:15:27.579367756 -0500 @@ -181,7 +181,10 @@ allow unconfined_domain_type domain:fifo allow unconfined_domain_type unconfined_domain_type:dbus send_msg; @@ -387,8 +430,8 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3 dontaudit domain domain:process { noatsecure siginh rlimitinh } ; +dontaudit domain self:capability sys_ptrace; diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/kernel.te ---- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-11-04 16:32:07.208065460 -0400 -+++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-11-04 16:32:07.784066562 -0400 +--- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-11-07 16:15:27.107367575 -0500 ++++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-11-07 16:15:27.580367756 -0500 @@ -191,7 +191,11 @@ sid tcp_socket gen_context(system_u:obj # kernel local policy # 
@@ -412,8 +455,8 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3 gen_require(` bool secure_mode_insmod; diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/dbadm.te ---- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-11-04 16:32:07.220065483 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-11-04 16:32:07.784066562 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-11-07 16:15:27.117367578 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-11-07 16:15:27.580367756 -0500 @@ -28,7 +28,7 @@ userdom_base_user_template(dbadm) # database admin local policy # @@ -425,7 +468,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.1 files_delete_generic_locks(dbadm_t) diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/logadm.te --- serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-11-04 16:32:07.785066564 -0400 ++++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-11-07 16:15:27.581367756 -0500 @@ -14,6 +14,5 @@ userdom_base_user_template(logadm) # logadmin local policy # 
@@ -435,8 +478,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3. +allow logadm_t self:capability { dac_override dac_read_search kill sys_nice }; logging_admin(logadm_t, logadm_r) diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/sysadm.te ---- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-11-04 16:32:07.723066445 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-04 16:32:07.786066566 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-11-07 16:15:27.527367736 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-07 16:15:27.581367756 -0500 @@ -5,13 +5,6 @@ policy_module(sysadm, 2.2.1) # Declarations # @@ -461,8 +504,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3. ') diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/webadm.te ---- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-11-04 16:32:07.226065494 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-11-04 16:32:07.787066568 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-11-07 16:15:27.122367581 -0500 ++++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-11-07 16:15:27.582367756 -0500 @@ -28,7 +28,7 @@ userdom_base_user_template(webadm) # webadmin local policy # 
@@ -473,8 +516,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3. files_dontaudit_search_all_dirs(webadm_t) files_manage_generic_locks(webadm_t) diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3.10.0/policy/modules/services/abrt.if ---- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-11-04 16:32:07.229065500 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-11-04 16:32:07.788066569 -0400 +--- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-11-07 16:15:27.124367581 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-11-07 16:15:27.583367757 -0500 @@ -336,9 +336,13 @@ interface(`abrt_admin',` type abrt_initrc_exec_t; ') @@ -491,8 +534,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3 domain_system_change_exemption($1) role_transition $2 abrt_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.if ---- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-11-04 16:32:07.231065504 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-11-04 16:32:07.788066569 -0400 +--- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-11-07 16:15:27.126367581 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-11-07 16:15:27.584367758 -0500 @@ -138,8 +138,12 @@ interface(`accountsd_admin',` type accountsd_t; ') 
@@ -508,8 +551,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpol accountsd_manage_lib_files($1) ') diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.te ---- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-11-04 16:32:07.232065506 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-11-04 16:32:07.789066570 -0400 +--- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-11-07 16:15:27.126367581 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-11-07 16:15:27.585367759 -0500 @@ -19,7 +19,7 @@ files_type(accountsd_var_lib_t) # accountsd local policy # @@ -520,8 +563,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpol allow accountsd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.10.0/policy/modules/services/afs.if ---- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-11-04 16:32:07.232065506 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-11-04 16:32:07.791066575 -0400 +--- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-11-07 16:15:27.127367582 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-11-07 16:15:27.586367759 -0500 @@ -97,9 +97,13 @@ interface(`afs_admin',` type afs_t, afs_initrc_exec_t; ') 
@@ -539,7 +582,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3. domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-3.10.0/policy/modules/services/aiccu.if --- serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-11-04 16:32:07.792066578 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-11-07 16:15:27.586367759 -0500 @@ -79,9 +79,13 @@ interface(`aiccu_admin',` type aiccu_var_run_t; ') @@ -556,8 +599,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 aiccu_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3.10.0/policy/modules/services/aide.if ---- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-11-04 16:32:07.235065510 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-11-04 16:32:07.793066580 -0400 +--- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-11-07 16:15:27.129367584 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-11-07 16:15:27.587367759 -0500 @@ -61,9 +61,13 @@ interface(`aide_admin',` type aide_t, aide_db_t, aide_log_t; ') 
@@ -574,8 +617,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3 admin_pattern($1, aide_db_t) diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolicy-3.10.0/policy/modules/services/aisexec.if ---- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-11-04 16:32:07.237065515 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-11-04 16:32:07.794066581 -0400 +--- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-11-07 16:15:27.130367584 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-11-07 16:15:27.588367759 -0500 @@ -82,9 +82,13 @@ interface(`aisexecd_admin',` type aisexec_initrc_exec_t; ') @@ -592,8 +635,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 aisexec_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpolicy-3.10.0/policy/modules/services/ajaxterm.if ---- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-11-04 16:32:07.239065520 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-11-04 16:32:07.795066583 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-11-07 16:15:27.132367584 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-11-07 16:15:27.589367759 -0500 @@ -76,9 +76,13 @@ interface(`ajaxterm_admin',` type ajaxterm_t, ajaxterm_initrc_exec_t; ') 
@@ -611,7 +654,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpoli role_transition $2 ajaxterm_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy-3.10.0/policy/modules/services/amavis.if --- serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-11-04 16:32:07.796066585 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-11-07 16:15:27.590367760 -0500 @@ -231,9 +231,13 @@ interface(`amavis_admin',` type amavis_initrc_exec_t; ') @@ -628,8 +671,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy domain_system_change_exemption($1) role_transition $2 amavis_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy-3.10.0/policy/modules/services/apache.if ---- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-11-04 16:32:07.746066489 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-11-04 16:32:07.798066589 -0400 +--- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-11-07 16:15:27.546367744 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-11-07 16:15:27.592367761 -0500 @@ -1297,9 +1297,13 @@ interface(`apache_admin',` type httpd_unit_file_t; ') @@ -647,7 +690,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy role_transition $2 httpd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/apcupsd.if --- serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-11-04 16:32:07.799066590 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-11-07 16:15:27.593367761 -0500 
@@ -146,9 +146,13 @@ interface(`apcupsd_admin',` type apcupsd_initrc_exec_t; ') @@ -664,8 +707,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 apcupsd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.10.0/policy/modules/services/apm.te ---- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-11-04 16:32:07.249065538 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-11-04 16:32:07.800066591 -0400 +--- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-11-07 16:15:27.141367588 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-11-07 16:15:27.594367761 -0500 @@ -60,7 +60,7 @@ logging_send_syslog_msg(apm_t) # mknod: controlling an orderly resume of PCMCIA requires creating device # nodes 254,{0,1,2} for some reason. @@ -676,8 +719,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3. allow apmd_t self:fifo_file rw_fifo_file_perms; allow apmd_t self:netlink_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpolicy-3.10.0/policy/modules/services/arpwatch.if ---- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-11-04 16:32:07.249065538 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-11-04 16:32:07.800066591 -0400 +--- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-11-07 16:15:27.141367588 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-11-07 16:15:27.595367761 -0500 @@ -137,9 +137,13 @@ interface(`arpwatch_admin',` type arpwatch_initrc_exec_t; ') 
@@ -694,8 +737,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 arpwatch_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpolicy-3.10.0/policy/modules/services/asterisk.if ---- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-11-04 16:32:07.251065543 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-11-04 16:32:07.801066593 -0400 +--- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-11-07 16:15:27.142367589 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-11-07 16:15:27.596367762 -0500 @@ -64,9 +64,13 @@ interface(`asterisk_admin',` type asterisk_initrc_exec_t; ') @@ -712,8 +755,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 asterisk_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpolicy-3.10.0/policy/modules/services/automount.if ---- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-11-04 16:32:07.253065546 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-11-04 16:32:07.802066596 -0400 +--- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-11-07 16:15:27.144367589 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-11-07 16:15:27.597367763 -0500 @@ -150,9 +150,13 @@ interface(`automount_admin',` type automount_var_run_t, automount_initrc_exec_t; ') 
@@ -730,8 +773,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 automount_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-3.10.0/policy/modules/services/avahi.if ---- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-11-04 16:32:07.254065548 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-11-04 16:32:07.803066599 -0400 +--- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-11-07 16:15:27.145367589 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-11-07 16:15:27.597367763 -0500 @@ -154,9 +154,13 @@ interface(`avahi_admin',` type avahi_t, avahi_var_run_t, avahi_initrc_exec_t; ') @@ -748,8 +791,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 avahi_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3.10.0/policy/modules/services/bind.if ---- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-11-04 16:32:07.256065552 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-11-04 16:32:07.804066601 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-11-07 16:15:27.147367590 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-11-07 16:15:27.598367764 -0500 @@ -408,12 +408,20 @@ interface(`bind_admin',` type dnssec_t, ndc_t, named_keytab_t; ') 
@@ -775,7 +818,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, named_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolicy-3.10.0/policy/modules/services/bitlbee.if --- serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-11-04 16:32:07.806066604 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-11-07 16:15:27.599367764 -0500 @@ -43,9 +43,13 @@ interface(`bitlbee_admin',` type bitlbee_initrc_exec_t; ') @@ -792,8 +835,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 bitlbee_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpolicy-3.10.0/policy/modules/services/bluetooth.if ---- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-11-04 16:32:07.259065556 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-11-04 16:32:07.807066606 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-11-07 16:15:27.149367591 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-11-07 16:15:27.600367764 -0500 @@ -28,7 +28,11 @@ interface(`bluetooth_role',` # allow ps to show cdrecord and allow the user to kill it 
@@ -823,8 +866,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 bluetooth_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.if ---- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-11-04 16:32:07.262065564 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-11-04 16:32:07.808066608 -0400 +--- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-11-07 16:15:27.151367591 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-11-07 16:15:27.600367764 -0500 @@ -137,9 +137,13 @@ interface(`boinc_admin',` type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t; ') @@ -841,8 +884,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 boinc_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.te ---- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-11-04 16:32:07.726066451 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-04 16:32:07.809066610 -0400 +--- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-11-07 16:15:27.531367738 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-07 16:15:27.601367764 -0500 @@ -121,9 +121,13 @@ mta_send_mail(boinc_t) domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t) allow boinc_t boinc_project_t:process sigkill; 
@@ -859,8 +902,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy- allow boinc_project_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpolicy-3.10.0/policy/modules/services/bugzilla.if ---- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-11-04 16:32:07.264065567 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-11-04 16:32:07.809066610 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-11-07 16:15:27.153367592 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-11-07 16:15:27.602367764 -0500 @@ -62,9 +62,13 @@ interface(`bugzilla_admin',` type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t; ') @@ -877,8 +920,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpoli admin_pattern($1, httpd_bugzilla_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpolicy-3.10.0/policy/modules/services/callweaver.if ---- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-11-04 16:32:07.268065575 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-11-04 16:32:07.810066612 -0400 +--- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-11-07 16:15:27.156367594 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-11-07 16:15:27.603367765 -0500 @@ -336,9 +336,13 @@ interface(`callweaver_admin',` type callweaver_spool_t; ') 
@@ -896,7 +939,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpo role_transition $2 callweaver_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-3.10.0/policy/modules/services/canna.if --- serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-11-04 16:32:07.811066613 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-11-07 16:15:27.604367766 -0500 @@ -42,9 +42,13 @@ interface(`canna_admin',` type canna_var_run_t, canna_initrc_exec_t; ') @@ -913,8 +956,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 canna_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmaster.if ---- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-11-04 16:32:07.273065585 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-11-04 16:32:07.812066614 -0400 +--- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-11-07 16:15:27.160367595 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-11-07 16:15:27.604367766 -0500 @@ -119,9 +119,13 @@ interface(`certmaster_admin',` type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t; ') 
@@ -931,8 +974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpo domain_system_change_exemption($1) role_transition $2 certmaster_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmonger.if ---- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-11-04 16:32:07.275065588 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-11-04 16:32:07.814066619 -0400 +--- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-11-07 16:15:27.161367596 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-11-07 16:15:27.605367766 -0500 @@ -158,7 +158,11 @@ interface(`certmonger_admin',` ') @@ -947,8 +990,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpo # Allow certmonger_t to restart the apache service certmonger_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.if ---- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-11-04 16:32:07.278065594 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-11-04 16:32:07.815066622 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-11-07 16:15:27.163367596 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-11-07 16:15:27.606367766 -0500 @@ -171,15 +171,27 @@ interface(`cgroup_admin',` type cgrules_etc_t, cgclear_t; ') 
@@ -981,8 +1024,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy admin_pattern($1, cgrules_etc_t) files_list_etc($1) diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.te ---- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-11-04 16:32:07.278065594 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-11-04 16:32:07.815066622 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-11-07 16:15:27.164367596 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-11-07 16:15:27.607367766 -0500 @@ -76,7 +76,8 @@ fs_unmount_cgroup(cgconfig_t) # cgred personal policy. # @@ -994,8 +1037,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy allow cgred_t self:unix_dgram_socket { write create connect }; diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/chronyd.if ---- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-11-04 16:32:07.280065598 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-11-04 16:32:07.816066624 -0400 +--- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-11-07 16:15:27.165367596 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-11-07 16:15:27.607367766 -0500 @@ -217,9 +217,13 @@ interface(`chronyd_admin',` type chronyd_keys_t; ') 
@@ -1012,8 +1055,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 chronyd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy-3.10.0/policy/modules/services/clamav.if ---- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-11-04 16:32:07.282065600 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-11-04 16:32:07.817066625 -0400 +--- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-11-07 16:15:27.167367598 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-11-07 16:15:27.608367766 -0500 @@ -176,13 +176,19 @@ interface(`clamav_admin',` type freshclam_t, freshclam_var_log_t; ') @@ -1038,8 +1081,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy init_labeled_script_domtrans($1, clamd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpolicy-3.10.0/policy/modules/services/cmirrord.if ---- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-11-04 16:32:07.289065615 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-11-04 16:32:07.818066627 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-11-07 16:15:27.172367599 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-11-07 16:15:27.609367767 -0500 @@ -101,9 +101,13 @@ interface(`cmirrord_admin',` type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t; ') 
@@ -1056,8 +1099,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 cmirrord_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.if ---- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-11-04 16:32:07.290065617 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-11-04 16:32:07.819066629 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-11-07 16:15:27.173367600 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-11-07 16:15:27.609367767 -0500 @@ -189,9 +189,13 @@ interface(`cobblerd_admin',` type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t; ') @@ -1074,8 +1117,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolic admin_pattern($1, cobbler_etc_t) diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.te ---- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-11-04 16:32:07.291065619 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-11-04 16:32:07.820066631 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-11-07 16:15:27.174367601 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-11-07 16:15:27.610367768 -0500 @@ -60,7 +60,7 @@ files_tmp_file(cobbler_tmp_t) # 
@@ -1086,8 +1129,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolic allow cobblerd_t self:process { getsched setsched signal }; allow cobblerd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpolicy-3.10.0/policy/modules/services/collectd.if ---- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-11-04 16:32:07.292065620 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-11-04 16:32:07.821066633 -0400 +--- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-11-07 16:15:27.175367601 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-11-07 16:15:27.611367769 -0500 @@ -142,9 +142,13 @@ interface(`collectd_admin',` type collectd_var_lib_t; ') @@ -1104,8 +1147,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 collectd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/consolekit.te ---- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-11-04 16:32:07.295065626 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-11-04 16:32:07.822066635 -0400 +--- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-11-07 16:15:27.178367601 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-11-07 16:15:27.611367769 -0500 @@ -23,7 +23,8 @@ files_tmpfs_file(consolekit_tmpfs_t) # consolekit local policy # 
@@ -1127,8 +1170,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpo unconfined_stream_connect(consolekit_t) ') diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.if ---- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-11-04 16:32:07.297065631 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-11-04 16:32:07.823066636 -0400 +--- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-11-07 16:15:27.179367602 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-11-07 16:15:27.612367769 -0500 @@ -101,9 +101,13 @@ interface(`corosyncd_admin',` type corosync_initrc_exec_t; ') @@ -1145,8 +1188,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 corosync_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.te ---- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-11-04 16:32:07.297065631 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-11-04 16:32:07.823066636 -0400 +--- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-11-07 16:15:27.180367603 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-11-07 16:15:27.613367769 -0500 @@ -33,7 +33,7 @@ files_pid_file(corosync_var_run_t) # corosync local policy # 
@@ -1157,8 +1200,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpoli allow corosync_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3.10.0/policy/modules/services/cron.if ---- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-11-04 16:32:07.303065642 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-11-04 16:32:07.825066639 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-11-07 16:15:27.184367604 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-11-07 16:15:27.613367769 -0500 @@ -140,7 +140,11 @@ interface(`cron_role',` # crontab shows up in user ps @@ -1197,8 +1240,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3 # Run helper programs as the user domain #corecmd_bin_domtrans(admin_crontab_t, $2) diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3.10.0/policy/modules/services/cron.te ---- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-11-04 16:32:07.727066453 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-04 16:32:07.826066642 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-11-07 16:15:27.532367738 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-07 16:15:27.614367769 -0500 @@ -350,7 +350,6 @@ optional_policy(` # 
@@ -1208,8 +1251,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3 allow system_cronjob_t self:process { signal_perms getsched setsched }; allow system_cronjob_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.if ---- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-11-04 16:32:07.306065646 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-11-04 16:32:07.827066644 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-11-07 16:15:27.186367605 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-11-07 16:15:27.615367769 -0500 @@ -236,8 +236,11 @@ interface(`ctdbd_admin',` type ctdbd_log_t, ctdbd_var_lib_t, ctdbd_var_run_t; ') @@ -1224,8 +1267,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy- ctdbd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.te ---- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-11-04 16:32:07.307065649 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-11-04 16:32:07.828066646 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-11-07 16:15:27.187367606 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-11-07 16:15:27.616367770 -0500 @@ -33,7 +33,7 @@ files_pid_file(ctdbd_var_run_t) # ctdbd local policy # 
@@ -1236,8 +1279,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy- allow ctdbd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3.10.0/policy/modules/services/cups.if ---- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-11-04 16:32:07.308065651 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-11-04 16:32:07.828066646 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-11-07 16:15:27.188367606 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-11-07 16:15:27.617367771 -0500 @@ -327,9 +327,13 @@ interface(`cups_admin',` type ptal_var_run_t; ') @@ -1254,8 +1297,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3 domain_system_change_exemption($1) role_transition $2 cupsd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.10.0/policy/modules/services/cvs.if ---- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-11-04 16:32:07.310065655 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-11-04 16:32:07.830066650 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-11-07 16:15:27.190367606 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-11-07 16:15:27.617367771 -0500 @@ -80,9 +80,13 @@ interface(`cvs_admin',` type cvs_data_t, cvs_var_run_t; ') 
@@ -1273,7 +1316,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3. domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-3.10.0/policy/modules/services/cyrus.if --- serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-11-04 16:32:07.830066650 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-11-07 16:15:27.618367771 -0500 @@ -62,9 +62,13 @@ interface(`cyrus_admin',` type cyrus_var_run_t, cyrus_initrc_exec_t; ') @@ -1290,8 +1333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 cyrus_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3.10.0/policy/modules/services/dbus.if ---- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-11-04 16:32:07.316065665 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-11-04 16:32:07.831066652 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-11-07 16:15:27.194367609 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-11-07 16:15:27.619367771 -0500 @@ -71,7 +71,11 @@ template(`dbus_role_template',` domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t) 
@@ -1306,8 +1349,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3 # cjp: this seems very broken corecmd_bin_domtrans($1_dbusd_t, $1_t) diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpolicy-3.10.0/policy/modules/services/ddclient.if ---- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-11-04 16:32:07.319065673 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-11-04 16:32:07.832066654 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-11-07 16:15:27.197367609 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-11-07 16:15:27.620367771 -0500 @@ -68,9 +68,13 @@ interface(`ddclient_admin',` type ddclient_var_run_t; ') @@ -1324,8 +1367,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 ddclient_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpolicy-3.10.0/policy/modules/services/denyhosts.if ---- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-11-04 16:32:07.320065675 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-11-04 16:32:07.833066656 -0400 +--- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-11-07 16:15:27.198367609 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-11-07 16:15:27.620367771 -0500 @@ -67,9 +67,13 @@ interface(`denyhosts_admin',` type denyhosts_var_log_t, denyhosts_initrc_exec_t; ') 
@@ -1342,8 +1385,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 denyhosts_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.if ---- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-11-04 16:32:07.323065680 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-11-04 16:32:07.834066657 -0400 +--- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-11-07 16:15:27.200367611 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-11-07 16:15:27.621367771 -0500 @@ -308,13 +308,18 @@ interface(`devicekit_admin',` type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t; ') @@ -1367,8 +1410,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpol admin_pattern($1, devicekit_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.te ---- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-11-04 16:32:07.324065682 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-11-04 16:32:07.835066658 -0400 +--- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-11-07 16:15:27.201367611 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-11-07 16:15:27.622367772 -0500 @@ -65,7 +65,8 @@ optional_policy(` # DeviceKit disk local policy # 
@@ -1389,8 +1432,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpol allow devicekit_power_t self:fifo_file rw_fifo_file_perms; allow devicekit_power_t self:unix_dgram_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3.10.0/policy/modules/services/dhcp.if ---- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-11-04 16:32:07.325065684 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-11-04 16:32:07.836066660 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-11-07 16:15:27.202367611 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-11-07 16:15:27.622367772 -0500 @@ -105,8 +105,11 @@ interface(`dhcpd_admin',` type dhcpd_var_run_t, dhcpd_initrc_exec_t; ') @@ -1406,7 +1449,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-3.10.0/policy/modules/services/dictd.if --- serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-11-04 16:32:07.837066663 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-11-07 16:15:27.623367773 -0500 @@ -38,8 +38,11 @@ interface(`dictd_admin',` type dictd_var_run_t, dictd_initrc_exec_t; ') 
@@ -1421,8 +1464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, dictd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolicy-3.10.0/policy/modules/services/dnsmasq.if ---- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-11-04 16:32:07.333065699 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-11-04 16:32:07.838066666 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-11-07 16:15:27.209367614 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-11-07 16:15:27.624367774 -0500 @@ -298,8 +298,11 @@ interface(`dnsmasq_admin',` type dnsmasq_initrc_exec_t; ') @@ -1437,8 +1480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolic init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolicy-3.10.0/policy/modules/services/dovecot.if ---- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-11-04 16:32:07.335065703 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-11-04 16:32:07.839066668 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-11-07 16:15:27.211367614 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-11-07 16:15:27.624367774 -0500 @@ -119,8 +119,11 @@ interface(`dovecot_admin',` type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t; ') 
@@ -1453,8 +1496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolic init_labeled_script_domtrans($1, dovecot_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/drbd.if ---- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-11-04 16:32:07.338065708 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-11-04 16:32:07.840066669 -0400 +--- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-11-07 16:15:27.212367614 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-11-07 16:15:27.625367774 -0500 @@ -120,8 +120,11 @@ interface(`drbd_admin',` type drbd_var_lib_t; ') @@ -1469,8 +1512,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3 files_search_var_lib($1) admin_pattern($1, drbd_var_lib_t) diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-3.10.0/policy/modules/services/dspam.if ---- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-11-04 16:32:07.340065711 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-11-04 16:32:07.841066671 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-11-07 16:15:27.214367616 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-11-07 16:15:27.627367774 -0500 @@ -244,8 +244,11 @@ interface(`dspam_admin',` type dspam_var_run_t; ') 
@@ -1485,8 +1528,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy- dspam_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3.10.0/policy/modules/services/exim.if ---- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-11-04 16:32:07.342065717 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-11-04 16:32:07.842066673 -0400 +--- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-11-07 16:15:27.216367617 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-11-07 16:15:27.627367774 -0500 @@ -260,8 +260,11 @@ interface(`exim_admin',` type exim_tmp_t, exim_spool_t, exim_var_run_t; ') @@ -1501,8 +1544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3 exim_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpolicy-3.10.0/policy/modules/services/fail2ban.if ---- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-11-04 16:32:07.344065720 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-11-04 16:32:07.843066675 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-11-07 16:15:27.217367617 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-11-07 16:15:27.628367774 -0500 @@ -199,8 +199,11 @@ interface(`fail2ban_admin',` type fail2ban_client_t; ') 
@@ -1517,8 +1560,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpoli init_labeled_script_domtrans($1, fail2ban_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolicy-3.10.0/policy/modules/services/fcoemon.if ---- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-11-04 16:32:07.346065724 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-11-04 16:32:07.843066675 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-11-07 16:15:27.219367617 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-11-07 16:15:27.629367774 -0500 @@ -81,8 +81,11 @@ interface(`fcoemon_admin',` type fcoemon_var_run_t; ') @@ -1533,8 +1576,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolic files_search_pids($1) admin_pattern($1, fcoemon_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/fetchmail.if ---- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-11-04 16:32:07.349065730 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-11-04 16:32:07.844066677 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-11-07 16:15:27.221367619 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-11-07 16:15:27.629367774 -0500 @@ -18,8 +18,11 @@ interface(`fetchmail_admin',` type fetchmail_var_run_t; ') 
@@ -1549,8 +1592,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpol files_list_etc($1) admin_pattern($1, fetchmail_etc_t) diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpolicy-3.10.0/policy/modules/services/firewalld.if ---- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-11-04 16:32:07.352065734 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-11-04 16:32:07.845066679 -0400 +--- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-11-07 16:15:27.223367619 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-11-07 16:15:27.630367775 -0500 @@ -62,8 +62,11 @@ interface(`firewalld_admin',` type firewalld_initrc_exec_t; ') @@ -1565,8 +1608,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpol firewalld_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolicy-3.10.0/policy/modules/services/fprintd.te ---- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-11-04 16:32:07.354065739 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-11-04 16:32:07.846066680 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-11-07 16:15:27.225367619 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-11-07 16:15:27.631367776 -0500 @@ -17,7 +17,8 @@ files_type(fprintd_var_lib_t) # Local policy # 
@@ -1578,8 +1621,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolic allow fprintd_t self:process { getsched setsched signal }; diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ftp.if ---- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-11-04 16:32:07.355065741 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-11-04 16:32:07.847066681 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-11-07 16:15:27.226367620 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-11-07 16:15:27.631367776 -0500 @@ -237,8 +237,11 @@ interface(`ftp_admin',` type ftpd_initrc_exec_t; ') @@ -1594,8 +1637,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, ftpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.10.0/policy/modules/services/git.if ---- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-11-04 16:32:07.359065749 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-11-04 16:32:07.848066683 -0400 +--- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-11-07 16:15:27.229367622 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-11-07 16:15:27.632367777 -0500 @@ -42,8 +42,11 @@ interface(`git_session_role',` domtrans_pattern($2, gitd_exec_t, git_session_t) 
@@ -1610,8 +1653,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy-3.10.0/policy/modules/services/glance.if ---- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-11-04 16:32:07.361065752 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-11-04 16:32:07.849066686 -0400 +--- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-11-07 16:15:27.231367622 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-11-07 16:15:27.633367777 -0500 @@ -245,10 +245,14 @@ interface(`glance_admin',` type glance_api_initrc_exec_t; ') @@ -1630,8 +1673,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy init_labeled_script_domtrans($1, glance_registry_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpolicy-3.10.0/policy/modules/services/gnomeclock.te ---- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-11-04 16:32:07.364065758 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-11-04 16:32:07.850066688 -0400 +--- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-11-07 16:15:27.233367623 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-11-07 16:15:27.633367777 -0500 @@ -14,7 +14,7 @@ dbus_system_domain(gnomeclock_t, gnomecl # gnomeclock local policy # 
@@ -1642,8 +1685,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpo allow gnomeclock_t self:fifo_file rw_fifo_file_perms; allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/gpsd.te ---- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-11-04 16:32:07.366065763 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-11-04 16:32:07.851066690 -0400 +--- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-11-07 16:15:27.235367624 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-11-07 16:15:27.634367777 -0500 @@ -25,7 +25,7 @@ files_pid_file(gpsd_var_run_t) # @@ -1654,8 +1697,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3 allow gpsd_t self:shm create_shm_perms; allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy-3.10.0/policy/modules/services/hadoop.if ---- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-11-04 16:32:07.728066455 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-04 16:32:07.852066692 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-11-07 16:15:27.533367738 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-07 16:15:27.635367777 -0500 @@ -222,14 +222,21 @@ interface(`hadoop_role',` hadoop_domtrans($2) role $1 types hadoop_t; 
@@ -1681,8 +1724,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.10.0/policy/modules/services/hal.if ---- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-11-04 16:32:07.370065770 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-11-04 16:32:07.853066694 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-11-07 16:15:27.238367624 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-11-07 16:15:27.636367777 -0500 @@ -70,7 +70,9 @@ interface(`hal_ptrace',` type hald_t; ') @@ -1695,8 +1738,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.10.0/policy/modules/services/hal.te ---- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-11-04 16:32:07.371065772 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-11-04 16:32:07.854066696 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-11-07 16:15:27.240367626 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-11-07 16:15:27.637367778 -0500 @@ -64,7 +64,7 @@ typealias hald_var_run_t alias pmtools_v # execute openvt which needs setuid 
@@ -1707,8 +1750,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3. allow hald_t self:fifo_file rw_fifo_file_perms; allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolicy-3.10.0/policy/modules/services/hddtemp.if ---- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-11-04 16:32:07.371065772 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-11-04 16:32:07.855066698 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-11-07 16:15:27.241367627 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-11-07 16:15:27.637367778 -0500 @@ -60,8 +60,11 @@ interface(`hddtemp_admin',` type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t; ') @@ -1723,8 +1766,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolic init_labeled_script_domtrans($1, hddtemp_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolicy-3.10.0/policy/modules/services/icecast.if ---- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-11-04 16:32:07.373065775 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-11-04 16:32:07.856066700 -0400 +--- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-11-07 16:15:27.242367627 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-11-07 16:15:27.638367779 -0500 @@ -173,8 +173,11 @@ interface(`icecast_admin',` type icecast_t, icecast_initrc_exec_t; ') 
@@ -1739,8 +1782,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolic # Allow icecast_t to restart the apache service icecast_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.if ---- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-11-04 16:32:07.374065776 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-11-04 16:32:07.856066700 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-11-07 16:15:27.243367627 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-11-07 16:15:27.639367779 -0500 @@ -117,7 +117,7 @@ interface(`ifplugd_admin',` type ifplugd_initrc_exec_t; ') @@ -1751,8 +1794,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolic init_labeled_script_domtrans($1, ifplugd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.te ---- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-11-04 16:32:07.375065778 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-11-04 16:32:07.857066701 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-11-07 16:15:27.243367627 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-11-07 16:15:27.639367779 -0500 @@ -26,7 +26,7 @@ files_pid_file(ifplugd_var_run_t) # 
@@ -1763,8 +1806,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolic allow ifplugd_t self:fifo_file rw_fifo_file_perms; allow ifplugd_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.10.0/policy/modules/services/inn.if ---- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-11-04 16:32:07.378065785 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-11-04 16:32:07.859066704 -0400 +--- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-11-07 16:15:27.247367629 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-11-07 16:15:27.640367779 -0500 @@ -202,8 +202,11 @@ interface(`inn_admin',` type innd_initrc_exec_t; ') @@ -1779,8 +1822,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, innd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy-3.10.0/policy/modules/services/jabber.if ---- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-11-04 16:32:07.381065791 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-11-04 16:32:07.860066707 -0400 +--- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-11-07 16:15:27.249367629 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-11-07 16:15:27.641367779 -0500 @@ -143,10 +143,14 @@ interface(`jabber_admin',` type jabberd_initrc_exec_t, jabberd_router_t; ') 
@@ -1799,8 +1842,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy init_labeled_script_domtrans($1, jabberd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerberos.if ---- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-11-04 16:32:07.383065795 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-11-04 16:32:07.861066710 -0400 +--- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-11-07 16:15:27.252367630 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-11-07 16:15:27.641367779 -0500 @@ -340,13 +340,18 @@ interface(`kerberos_admin',` type krb5kdc_var_run_t, krb5_host_rcache_t; ') @@ -1824,8 +1867,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpoli init_labeled_script_domtrans($1, kerberos_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerneloops.if ---- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-11-04 16:32:07.385065797 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-11-04 16:32:07.862066712 -0400 +--- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-11-07 16:15:27.253367631 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-11-07 16:15:27.642367779 -0500 @@ -101,8 +101,11 @@ interface(`kerneloops_admin',` type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t; ') 
@@ -1840,8 +1883,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpo init_labeled_script_domtrans($1, kerneloops_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.if ---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-11-04 16:32:07.388065805 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-11-04 16:32:07.863066713 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-11-07 16:15:27.256367632 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-11-07 16:15:27.643367780 -0500 @@ -58,8 +58,11 @@ interface(`ksmtuned_admin',` type ksmtuned_t, ksmtuned_var_run_t, ksmtuned_initrc_exec_t; ') @@ -1856,8 +1899,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpoli files_list_pids($1) admin_pattern($1, ksmtuned_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.te ---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-11-04 16:32:07.389065807 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-11-04 16:32:07.863066713 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-11-07 16:15:27.256367632 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-11-07 16:15:27.644367781 -0500 @@ -23,7 +23,7 @@ files_pid_file(ksmtuned_var_run_t) # ksmtuned local policy # 
@@ -1868,8 +1911,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpoli manage_dirs_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/l2tpd.if ---- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-11-04 16:32:07.391065810 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-11-04 16:32:07.864066715 -0400 +--- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-11-07 16:15:27.258367632 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-11-07 16:15:27.644367781 -0500 @@ -101,8 +101,11 @@ interface(`l2tpd_admin',` type l2tpd_var_run_t; ') @@ -1884,8 +1927,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy- l2tpd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3.10.0/policy/modules/services/ldap.if ---- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-11-04 16:32:07.393065814 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-11-04 16:32:07.865066717 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-11-07 16:15:27.260367634 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-11-07 16:15:27.645367782 -0500 @@ -174,8 +174,11 @@ interface(`ldap_admin',` type slapd_initrc_exec_t; ') 
@@ -1901,7 +1944,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lircd.if --- serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-11-04 16:32:07.866066719 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-11-07 16:15:27.646367782 -0500 @@ -80,8 +80,11 @@ interface(`lircd_admin',` type lircd_initrc_exec_t, lircd_etc_t; ') @@ -1916,8 +1959,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, lircd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy-3.10.0/policy/modules/services/lldpad.if ---- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-11-04 16:32:07.398065822 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-11-04 16:32:07.867066721 -0400 +--- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-11-07 16:15:27.264367634 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-11-07 16:15:27.646367782 -0500 @@ -180,8 +180,11 @@ interface(`lldpad_admin',` type lldpad_var_run_t; ') 
@@ -1932,8 +1975,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy lldpad_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lpd.if ---- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-11-04 16:32:07.399065825 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-11-04 16:32:07.868066723 -0400 +--- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-11-07 16:15:27.265367635 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-11-07 16:15:27.647367782 -0500 @@ -28,7 +28,10 @@ interface(`lpd_role',` dontaudit lpr_t $2:unix_stream_socket { read write }; @@ -1947,8 +1990,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3. optional_policy(` cups_read_config($2) diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefpolicy-3.10.0/policy/modules/services/mailscanner.if ---- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-11-04 16:32:07.404065835 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-11-04 16:32:07.869066724 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-11-07 16:15:27.269367637 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-11-07 16:15:27.648367782 -0500 @@ -47,8 +47,11 @@ interface(`mailscanner_admin',` role_transition $2 mscan_initrc_exec_t system_r; allow $2 system_r; 
@@ -1963,8 +2006,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefp admin_pattern($1, mscan_etc_t) files_list_etc($1) diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.te ---- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-11-04 16:32:07.406065839 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-11-04 16:32:07.870066725 -0400 +--- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-11-07 16:15:27.271367637 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-11-07 16:15:27.649367782 -0500 @@ -25,9 +25,6 @@ files_pid_file(matahari_var_run_t) # # matahari_hostd local policy @@ -1976,8 +2019,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpoli dev_read_sysfs(matahari_hostd_t) diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpolicy-3.10.0/policy/modules/services/memcached.if ---- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-11-04 16:32:07.407065841 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-11-04 16:32:07.871066727 -0400 +--- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-11-07 16:15:27.272367638 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-11-07 16:15:27.649367782 -0500 @@ -59,8 +59,11 @@ interface(`memcached_admin',` type memcached_t, memcached_initrc_exec_t, memcached_var_run_t; ') 
@@ -1992,8 +2035,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpol init_labeled_script_domtrans($1, memcached_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3.10.0/policy/modules/services/mock.if ---- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-11-04 16:32:07.412065851 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-11-04 16:32:07.872066730 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-11-07 16:15:27.275367639 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-11-07 16:15:27.650367783 -0500 @@ -245,7 +245,10 @@ interface(`mock_role',` mock_run($2, $1) @@ -2024,8 +2067,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3 files_list_var_lib($1) diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3.10.0/policy/modules/services/mock.te ---- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-11-04 16:32:07.412065851 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-11-04 16:32:07.873066732 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-11-07 16:15:27.276367639 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-11-07 16:15:27.651367784 -0500 @@ -41,7 +41,7 @@ files_config_file(mock_etc_t) # mock local policy # 
@@ -2045,8 +2088,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3 allow mock_build_t self:process { fork setsched setpgid signal_perms }; allow mock_build_t self:netlink_audit_socket { create_socket_perms nlmsg_relay }; diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpolicy-3.10.0/policy/modules/services/mojomojo.if ---- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-11-04 16:32:07.414065855 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-11-04 16:32:07.873066732 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-11-07 16:15:27.278367640 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-11-07 16:15:27.652367784 -0500 @@ -24,8 +24,11 @@ interface(`mojomojo_admin',` type httpd_mojomojo_script_exec_t; ') @@ -2062,7 +2105,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpoli admin_pattern($1, httpd_mojomojo_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/mpd.if --- serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-11-04 16:32:07.874066734 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-11-07 16:15:27.653367784 -0500 @@ -244,8 +244,11 @@ interface(`mpd_admin',` type mpd_tmpfs_t; ') 
@@ -2077,8 +2120,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3. mpd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-3.10.0/policy/modules/services/munin.if ---- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-11-04 16:32:07.421065866 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-11-04 16:32:07.875066736 -0400 +--- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-11-07 16:15:27.283367642 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-11-07 16:15:27.653367784 -0500 @@ -183,8 +183,11 @@ interface(`munin_admin',` type httpd_munin_content_t, munin_initrc_exec_t; ') @@ -2093,8 +2136,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy- init_labeled_script_domtrans($1, munin_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.if ---- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-11-04 16:32:07.423065872 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-11-04 16:32:07.876066738 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-11-07 16:15:27.285367643 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-11-07 16:15:27.654367784 -0500 @@ -389,8 +389,11 @@ interface(`mysql_admin',` type mysqld_etc_t; ') 
@@ -2109,8 +2152,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy- init_labeled_script_domtrans($1, mysqld_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.te ---- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-11-04 16:32:07.423065872 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-11-04 16:32:07.877066740 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-11-07 16:15:27.286367644 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-11-07 16:15:27.655367784 -0500 @@ -158,7 +158,6 @@ optional_policy(` # @@ -2120,8 +2163,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy- allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy-3.10.0/policy/modules/services/nagios.if ---- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-11-04 16:32:07.425065875 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-11-04 16:32:07.878066742 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-11-07 16:15:27.287367644 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-11-07 16:15:27.655367784 -0500 @@ -225,8 +225,11 @@ interface(`nagios_admin',` type nagios_etc_t, nrpe_etc_t, nagios_spool_t; ') 
@@ -2136,8 +2179,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy init_labeled_script_domtrans($1, nagios_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/networkmanager.te ---- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-11-04 16:32:07.430065884 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-11-04 16:32:07.879066744 -0400 +--- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-11-07 16:15:27.291367645 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-11-07 16:15:27.656367785 -0500 @@ -44,13 +44,17 @@ init_system_domain(wpa_cli_t, wpa_cli_ex # networkmanager will ptrace itself if gdb is installed @@ -2160,8 +2203,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace ser allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms }; allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.10.0/policy/modules/services/nis.if ---- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-11-04 16:32:07.431065885 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-11-04 16:32:07.880066745 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-11-07 16:15:27.292367646 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-11-07 16:15:27.657367786 -0500 @@ -390,16 +390,22 @@ interface(`nis_admin',` type ypbind_initrc_exec_t, nis_initrc_exec_t, ypxfr_t; ') 
@@ -2190,8 +2233,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3. nis_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.if ---- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-11-04 16:32:07.435065895 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-11-04 16:32:07.882066748 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-11-07 16:15:27.295367647 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-11-07 16:15:27.658367787 -0500 @@ -321,8 +321,11 @@ interface(`nscd_admin',` type nscd_initrc_exec_t; ') @@ -2206,8 +2249,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, nscd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.te ---- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-11-04 16:32:07.436065896 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-11-04 16:32:07.882066748 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-11-07 16:15:27.296367647 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-11-07 16:15:27.659367787 -0500 @@ -40,7 +40,7 @@ logging_log_file(nscd_log_t) # Local policy # 
@@ -2218,8 +2261,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3 allow nscd_t self:process { getattr getcap setcap setsched signal_perms }; allow nscd_t self:fifo_file read_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nslcd.if ---- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-11-04 16:32:07.437065898 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-11-04 16:32:07.883066751 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-11-07 16:15:27.296367647 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-11-07 16:15:27.659367787 -0500 @@ -98,7 +98,10 @@ interface(`nslcd_admin',` ') @@ -2233,8 +2276,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy- # Allow nslcd_t to restart the apache service nslcd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ntp.if ---- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-11-04 16:32:07.440065904 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-11-04 16:32:07.884066754 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-11-07 16:15:27.299367648 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-11-07 16:15:27.660367787 -0500 @@ -204,8 +204,11 @@ interface(`ntp_admin',` type ntpd_key_t, ntpd_var_run_t, ntpd_initrc_exec_t; ') 
@@ -2249,8 +2292,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, ntpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy-3.10.0/policy/modules/services/oident.if ---- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-11-04 16:32:07.447065918 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-11-04 16:32:07.885066756 -0400 +--- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-11-07 16:15:27.304367650 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-11-07 16:15:27.661367787 -0500 @@ -89,8 +89,11 @@ interface(`oident_admin',` type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t; ') @@ -2266,7 +2309,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolicy-3.10.0/policy/modules/services/openvpn.if --- serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-11-04 16:32:07.886066757 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-11-07 16:15:27.661367787 -0500 @@ -144,8 +144,11 @@ interface(`openvpn_admin',` type openvpn_var_run_t, openvpn_initrc_exec_t; ') 
@@ -2281,8 +2324,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolic init_labeled_script_domtrans($1, openvpn_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3.10.0/policy/modules/services/pads.if ---- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-11-04 16:32:07.451065925 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-11-04 16:32:07.887066759 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-11-07 16:15:27.307367651 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-11-07 16:15:27.662367787 -0500 @@ -31,8 +31,11 @@ interface(`pads_admin',` type pads_var_run_t; ') @@ -2297,8 +2340,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, pads_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-3.10.0/policy/modules/services/pingd.if ---- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-11-04 16:32:07.455065931 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-11-04 16:32:07.888066761 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-11-07 16:15:27.311367654 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-11-07 16:15:27.663367788 -0500 @@ -80,8 +80,11 @@ interface(`pingd_admin',` type pingd_initrc_exec_t; ') 
@@ -2313,8 +2356,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, pingd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolicy-3.10.0/policy/modules/services/piranha.te ---- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-11-04 16:32:07.458065938 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-11-04 16:32:07.889066763 -0400 +--- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-11-07 16:15:27.314367654 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-11-07 16:15:27.663367788 -0500 @@ -65,7 +65,11 @@ init_domtrans_script(piranha_fos_t) # @@ -2329,8 +2372,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolic allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms; allow piranha_web_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpolicy-3.10.0/policy/modules/services/plymouthd.if ---- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-11-04 16:32:07.460065942 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-11-04 16:32:07.890066765 -0400 +--- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-11-07 16:15:27.315367654 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-11-07 16:15:27.664367789 -0500 @@ -291,8 +291,11 @@ interface(`plymouthd_admin',` type plymouthd_var_run_t; ') 
@@ -2345,8 +2388,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpol files_list_var_lib($1) admin_pattern($1, plymouthd_spool_t) diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpolicy-3.10.0/policy/modules/services/policykit.te ---- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-11-04 16:32:07.463065948 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-11-04 16:32:07.890066765 -0400 +--- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-11-07 16:15:27.317367655 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-11-07 16:15:27.665367789 -0500 @@ -38,7 +38,7 @@ files_pid_file(policykit_var_run_t) # policykit local policy # @@ -2366,8 +2409,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpol allow policykit_resolve_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy-3.10.0/policy/modules/services/polipo.if ---- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-11-04 16:32:07.464065950 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-11-04 16:32:07.891066767 -0400 +--- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-11-07 16:15:27.318367656 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-11-07 16:15:27.666367789 -0500 @@ -32,8 +32,11 @@ template(`polipo_role',` # Policy # 
@@ -2396,7 +2439,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefpolicy-3.10.0/policy/modules/services/portreserve.if --- serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-11-04 16:32:07.892066768 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-11-07 16:15:27.667367789 -0500 @@ -104,8 +104,11 @@ interface(`portreserve_admin',` type portreserve_initrc_exec_t; ') @@ -2411,8 +2454,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefp portreserve_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfix.if ---- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-11-04 16:32:07.469065960 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-11-04 16:32:07.894066771 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-11-07 16:15:27.323367657 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-11-07 16:15:27.668367789 -0500 @@ -729,25 +729,36 @@ interface(`postfix_admin',` type postfix_smtpd_t, postfix_var_run_t; ') 
@@ -2458,8 +2501,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolic postfix_run_map($1, $2) diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if ---- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-11-04 16:32:07.471065963 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-11-04 16:32:07.894066771 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-11-07 16:15:27.325367658 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-11-07 16:15:27.668367789 -0500 @@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',` type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t; ') @@ -2474,8 +2517,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace ser init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgresql.if ---- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-11-04 16:32:07.474065969 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-11-04 16:32:07.895066774 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-11-07 16:15:27.327367660 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-11-07 16:15:27.669367790 -0500 @@ -541,8 +541,11 @@ interface(`postgresql_admin',` typeattribute $1 sepgsql_admin_type; 
@@ -2490,8 +2533,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpo init_labeled_script_domtrans($1, postgresql_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgrey.if ---- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-11-04 16:32:07.476065973 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-11-04 16:32:07.896066776 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-11-07 16:15:27.328367660 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-11-07 16:15:27.670367791 -0500 @@ -62,8 +62,11 @@ interface(`postgrey_admin',` type postgrey_var_lib_t, postgrey_var_run_t; ') @@ -2506,8 +2549,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpoli init_labeled_script_domtrans($1, postgrey_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ppp.if ---- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-11-04 16:32:07.478065975 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-11-04 16:32:07.897066778 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-11-07 16:15:27.330367660 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-11-07 16:15:27.671367792 -0500 @@ -386,10 +386,14 @@ interface(`ppp_admin',` type pppd_initrc_exec_t, pppd_etc_rw_t; ') 
@@ -2526,8 +2569,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3. ppp_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolicy-3.10.0/policy/modules/services/prelude.if ---- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-11-04 16:32:07.480065980 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-11-04 16:32:07.898066780 -0400 +--- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-11-07 16:15:27.332367661 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-11-07 16:15:27.672367792 -0500 @@ -118,13 +118,18 @@ interface(`prelude_admin',` type prelude_lml_t; ') @@ -2552,7 +2595,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolic init_labeled_script_domtrans($1, prelude_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolicy-3.10.0/policy/modules/services/privoxy.if --- serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-11-04 16:32:07.899066782 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-11-07 16:15:27.673367792 -0500 @@ -23,8 +23,11 @@ interface(`privoxy_admin',` type privoxy_etc_rw_t, privoxy_var_run_t; ') 
@@ -2567,8 +2610,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolic init_labeled_script_domtrans($1, privoxy_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3.10.0/policy/modules/services/psad.if ---- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-11-04 16:32:07.484065988 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-11-04 16:32:07.900066784 -0400 +--- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-11-07 16:15:27.336367662 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-11-07 16:15:27.673367792 -0500 @@ -295,8 +295,11 @@ interface(`psad_admin',` type psad_tmp_t; ') @@ -2583,8 +2626,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, psad_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy-3.10.0/policy/modules/services/puppet.te ---- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-11-04 16:32:07.488065995 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-11-04 16:32:07.901066786 -0400 +--- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-11-07 16:15:27.339367664 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-11-07 16:15:27.674367792 -0500 @@ -62,7 +62,7 @@ files_tmp_file(puppetmaster_tmp_t) # Puppet personal policy # 
@@ -2595,8 +2638,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy allow puppet_t self:fifo_file rw_fifo_file_perms; allow puppet_t self:netlink_route_socket create_netlink_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-3.10.0/policy/modules/services/pyzor.if ---- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-11-04 16:32:07.490065998 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-11-04 16:32:07.902066788 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-11-07 16:15:27.340367665 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-11-07 16:15:27.675367792 -0500 @@ -29,7 +29,10 @@ interface(`pyzor_role',` # allow ps to show pyzor and allow the user to kill it @@ -2623,8 +2666,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy- init_labeled_script_domtrans($1, pyzord_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3.10.0/policy/modules/services/qpid.if ---- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-11-04 16:32:07.495066009 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-11-04 16:32:07.903066789 -0400 +--- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-11-07 16:15:27.344367665 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-11-07 16:15:27.675367792 -0500 @@ -177,8 +177,11 @@ interface(`qpidd_admin',` type qpidd_t, qpidd_initrc_exec_t; ') 
@@ -2640,7 +2683,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3 qpidd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy-3.10.0/policy/modules/services/radius.if --- serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-11-04 16:32:07.904066790 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-11-07 16:15:27.676367793 -0500 @@ -38,8 +38,11 @@ interface(`radius_admin',` type radiusd_initrc_exec_t; ') @@ -2655,8 +2698,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy init_labeled_script_domtrans($1, radiusd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-3.10.0/policy/modules/services/radvd.if ---- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-11-04 16:32:07.499066017 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-11-04 16:32:07.905066792 -0400 +--- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-11-07 16:15:27.347367667 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-11-07 16:15:27.677367794 -0500 @@ -23,8 +23,11 @@ interface(`radvd_admin',` type radvd_var_run_t; ') 
@@ -2671,8 +2714,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, radvd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-3.10.0/policy/modules/services/razor.if ---- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-11-04 16:32:07.500066018 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-11-04 16:32:07.906066795 -0400 +--- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-11-07 16:15:27.348367667 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-11-07 16:15:27.677367794 -0500 @@ -132,7 +132,10 @@ interface(`razor_role',` # allow ps to show razor and allow the user to kill it @@ -2686,8 +2729,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy- manage_dirs_pattern($2, razor_home_t, razor_home_t) manage_files_pattern($2, razor_home_t, razor_home_t) diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.if ---- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-11-04 16:32:07.504066026 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-11-04 16:32:07.907066798 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-11-07 16:15:27.352367669 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-11-07 16:15:27.678367794 -0500 @@ -117,8 +117,11 @@ interface(`rgmanager_admin',` type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t; ') 
@@ -2702,8 +2745,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpol init_labeled_script_domtrans($1, rgmanager_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.te ---- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-11-04 16:32:07.505066028 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-11-04 16:32:07.907066798 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-11-07 16:15:27.353367670 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-11-07 16:15:27.679367794 -0500 @@ -37,7 +37,6 @@ files_pid_file(rgmanager_var_run_t) # @@ -2713,8 +2756,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpol dontaudit rgmanager_t self:process ptrace; diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if ---- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-11-04 16:32:07.513066042 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-11-04 16:32:07.908066800 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-11-07 16:15:27.359367672 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-11-07 16:15:27.679367794 -0500 @@ -284,8 +284,11 @@ interface(`rhsmcertd_admin',` type rhsmcertd_var_run_t; ') 
@@ -2729,8 +2772,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpol rhsmcertd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-3.10.0/policy/modules/services/ricci.if ---- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-11-04 16:32:07.515066048 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-11-04 16:32:07.909066801 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-11-07 16:15:27.361367672 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-11-07 16:15:27.680367794 -0500 @@ -245,8 +245,11 @@ interface(`ricci_admin',` type ricci_var_lib_t, ricci_var_log_t, ricci_var_run_t; ') @@ -2746,7 +2789,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolicy-3.10.0/policy/modules/services/roundup.if --- serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-11-04 16:32:07.910066803 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-11-07 16:15:27.681367794 -0500 @@ -23,8 +23,11 @@ interface(`roundup_admin',` type roundup_initrc_exec_t; ') 
@@ -2761,8 +2804,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolic init_labeled_script_domtrans($1, roundup_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolicy-3.10.0/policy/modules/services/rpcbind.if ---- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-11-04 16:32:07.522066061 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-11-04 16:32:07.911066805 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-11-07 16:15:27.367367675 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-11-07 16:15:27.682367795 -0500 @@ -155,8 +155,11 @@ interface(`rpcbind_admin',` type rpcbind_initrc_exec_t; ') @@ -2777,8 +2820,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolic init_labeled_script_domtrans($1, rpcbind_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-3.10.0/policy/modules/services/rtkit.te ---- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-11-04 16:32:07.527066070 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-11-04 16:32:07.912066807 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-11-07 16:15:27.370367675 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-11-07 16:15:27.682367795 -0500 @@ -15,7 +15,7 @@ init_system_domain(rtkit_daemon_t, rtkit # rtkit_daemon local policy # 
@@ -2789,8 +2832,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy- kernel_read_system_state(rtkit_daemon_t) diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3.10.0/policy/modules/services/rwho.if ---- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-11-04 16:32:07.528066072 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-11-04 16:32:07.913066809 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-11-07 16:15:27.371367676 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-11-07 16:15:27.683367796 -0500 @@ -138,8 +138,11 @@ interface(`rwho_admin',` type rwho_initrc_exec_t; ') @@ -2805,8 +2848,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, rwho_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-3.10.0/policy/modules/services/samba.if ---- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-11-04 16:32:07.530066076 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-11-04 16:32:07.914066811 -0400 +--- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-11-07 16:15:27.373367677 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-11-07 16:15:27.684367797 -0500 @@ -784,13 +784,18 @@ interface(`samba_admin',` type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t; ') 
@@ -2831,7 +2874,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy- samba_run_smbcontrol($1, $2, $3) diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolicy-3.10.0/policy/modules/services/samhain.if --- serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-11-04 16:32:07.915066812 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-11-07 16:15:27.685367797 -0500 @@ -271,10 +271,14 @@ interface(`samhain_admin',` type samhain_initrc_exec_t, samhain_log_t, samhain_var_run_t; ') @@ -2850,8 +2893,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolic files_list_var_lib($1) diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolicy-3.10.0/policy/modules/services/sanlock.if ---- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-11-04 16:32:07.533066082 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-11-04 16:32:07.916066813 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-11-07 16:15:27.376367677 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-11-07 16:15:27.685367797 -0500 @@ -99,8 +99,11 @@ interface(`sanlock_admin',` type sanlock_initrc_exec_t; ') 
@@ -2866,8 +2909,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolic sanlock_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3.10.0/policy/modules/services/sasl.if ---- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-11-04 16:32:07.535066084 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-11-04 16:32:07.916066813 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-11-07 16:15:27.377367678 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-11-07 16:15:27.686367797 -0500 @@ -42,8 +42,11 @@ interface(`sasl_admin',` type saslauthd_initrc_exec_t; ') @@ -2882,8 +2925,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, saslauthd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.if ---- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-11-04 16:32:07.536066086 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-11-04 16:32:07.917066815 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-11-07 16:15:27.379367680 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-11-07 16:15:27.687367797 -0500 @@ -65,11 +65,15 @@ interface(`sblim_admin',` type sblim_var_run_t; ') 
@@ -2904,8 +2947,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy- files_search_pids($1) admin_pattern($1, sblim_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.te ---- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-11-04 16:32:07.537066089 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-11-04 16:32:07.918066818 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-11-07 16:15:27.379367680 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-11-07 16:15:27.687367797 -0500 @@ -24,7 +24,7 @@ files_pid_file(sblim_var_run_t) # @@ -2916,8 +2959,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy- allow sblim_gatherd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/sendmail.if ---- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-11-04 16:32:07.538066092 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-11-04 16:32:07.919066820 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-11-07 16:15:27.380367680 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-11-07 16:15:27.688367797 -0500 @@ -334,10 +334,14 @@ interface(`sendmail_admin',` type mail_spool_t; ') 
@@ -2936,8 +2979,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpoli sendmail_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if ---- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-11-04 16:32:07.540066095 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-11-04 16:32:07.920066822 -0400 +--- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-11-07 16:15:27.382367680 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-11-07 16:15:27.689367798 -0500 @@ -140,8 +140,11 @@ interface(`setroubleshoot_admin',` type setroubleshoot_var_lib_t; ') @@ -2952,8 +2995,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace ser logging_list_logs($1) admin_pattern($1, setroubleshoot_var_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpolicy-3.10.0/policy/modules/services/smartmon.if ---- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-11-04 16:32:07.543066101 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-11-04 16:32:07.921066824 -0400 +--- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-11-07 16:15:27.384367680 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-11-07 16:15:27.690367799 -0500 @@ -42,8 +42,11 @@ interface(`smartmon_admin',` type fsdaemon_initrc_exec_t; ') 
@@ -2969,7 +3012,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpoli domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpolicy-3.10.0/policy/modules/services/smokeping.if --- serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-11-04 16:32:07.921066824 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-11-07 16:15:27.690367799 -0500 @@ -153,8 +153,11 @@ interface(`smokeping_admin',` type smokeping_t, smokeping_initrc_exec_t; ') @@ -2984,8 +3027,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpol smokeping_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.if ---- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-11-04 16:32:07.546066106 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-11-04 16:32:07.922066826 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-11-07 16:15:27.386367682 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-11-07 16:15:27.691367799 -0500 @@ -168,8 +168,11 @@ interface(`snmp_admin',` type snmpd_var_lib_t, snmpd_var_run_t; ') 
@@ -3000,8 +3043,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, snmpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.te ---- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-11-04 16:32:07.547066107 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-11-04 16:32:07.923066828 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-11-07 16:15:27.387367683 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-11-07 16:15:27.692367799 -0500 @@ -26,7 +26,8 @@ files_type(snmpd_var_lib_t) # Local policy # @@ -3013,8 +3056,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3 allow snmpd_t self:process { signal_perms getsched setsched }; allow snmpd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-3.10.0/policy/modules/services/snort.if ---- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-11-04 16:32:07.547066107 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-11-04 16:32:07.924066830 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-11-07 16:15:27.387367683 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-11-07 16:15:27.693367799 -0500 @@ -41,8 +41,11 @@ interface(`snort_admin',` type snort_etc_t, snort_initrc_exec_t; ') 
@@ -3029,8 +3072,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy- init_labeled_script_domtrans($1, snort_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefpolicy-3.10.0/policy/modules/services/soundserver.if ---- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-11-04 16:32:07.549066112 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-11-04 16:32:07.925066832 -0400 +--- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-11-07 16:15:27.388367683 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-11-07 16:15:27.693367799 -0500 @@ -37,8 +37,11 @@ interface(`soundserver_admin',` type soundd_tmp_t, soundd_var_run_t; ') @@ -3045,8 +3088,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefp init_labeled_script_domtrans($1, soundd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace serefpolicy-3.10.0/policy/modules/services/spamassassin.if ---- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-11-04 16:32:07.551066116 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-11-04 16:32:07.927066834 -0400 +--- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-11-07 16:15:27.389367683 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-11-07 16:15:27.694367799 -0500 @@ -27,12 +27,12 @@ interface(`spamassassin_role',` domtrans_pattern($2, spamassassin_exec_t, spamassassin_t) 
@@ -3076,8 +3119,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace seref init_labeled_script_domtrans($1, spamd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-3.10.0/policy/modules/services/squid.if ---- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-11-04 16:32:07.553066120 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-11-04 16:32:07.928066836 -0400 +--- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-11-07 16:15:27.392367684 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-11-07 16:15:27.695367800 -0500 @@ -209,8 +209,11 @@ interface(`squid_admin',` type squid_log_t, squid_var_run_t, squid_initrc_exec_t; ') @@ -3092,8 +3135,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy- init_labeled_script_domtrans($1, squid_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.10.0/policy/modules/services/ssh.if ---- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-11-04 16:32:07.556066126 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-11-04 16:32:07.929066839 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-11-07 16:15:27.394367684 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-11-07 16:15:27.696367801 -0500 @@ -367,7 +367,7 @@ template(`ssh_role_template',` # allow ps to show ssh 
@@ -3113,8 +3156,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3. # allow ps to show ssh ps_process_pattern($3, $1_ssh_agent_t) diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3.10.0/policy/modules/services/sssd.if ---- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-11-04 16:32:07.558066128 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-11-04 16:32:07.930066842 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-11-07 16:15:27.396367686 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-11-07 16:15:27.697367802 -0500 @@ -234,8 +234,11 @@ interface(`sssd_admin',` type sssd_t, sssd_public_t, sssd_initrc_exec_t; ') @@ -3129,8 +3172,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3 # Allow sssd_t to restart the apache service sssd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/tcsd.if ---- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-11-04 16:32:07.563066139 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-11-04 16:32:07.931066844 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-11-07 16:15:27.400367687 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-11-07 16:15:27.697367802 -0500 @@ -137,8 +137,11 @@ interface(`tcsd_admin',` type tcsd_var_lib_t; ') 
@@ -3145,8 +3188,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3 tcsd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/tftp.if ---- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-11-04 16:32:07.566066145 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-11-04 16:32:07.931066844 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-11-07 16:15:27.403367688 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-11-07 16:15:27.698367802 -0500 @@ -109,8 +109,11 @@ interface(`tftp_admin',` type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t; ') @@ -3161,8 +3204,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3 files_list_var_lib($1) admin_pattern($1, tftpdir_rw_t) diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.10.0/policy/modules/services/tor.if ---- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-11-04 16:32:07.569066150 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-11-04 16:32:07.932066845 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-11-07 16:15:27.405367690 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-11-07 16:15:27.699367802 -0500 @@ -42,8 +42,11 @@ interface(`tor_admin',` type tor_initrc_exec_t; ') 
@@ -3177,8 +3220,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, tor_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/tuned.if ---- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-11-04 16:32:07.570066151 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-11-04 16:32:07.933066847 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-11-07 16:15:27.406367690 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-11-07 16:15:27.699367802 -0500 @@ -115,8 +115,11 @@ interface(`tuned_admin',` type tuned_t, tuned_var_run_t, tuned_initrc_exec_t; ') @@ -3194,7 +3237,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ulogd.if --- serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-11-04 16:32:07.934066849 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-11-07 16:15:27.700367802 -0500 @@ -123,8 +123,11 @@ interface(`ulogd_admin',` type ulogd_var_log_t, ulogd_initrc_exec_t; ') @@ -3210,7 +3253,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3.10.0/policy/modules/services/uucp.if --- serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-11-04 16:32:07.935066851 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-11-07 16:15:27.701367802 -0500 
@@ -99,8 +99,11 @@ interface(`uucp_admin',` type uucpd_var_run_t; ') @@ -3225,8 +3268,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3 logging_list_logs($1) admin_pattern($1, uucpd_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-3.10.0/policy/modules/services/uuidd.if ---- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-11-04 16:32:07.577066166 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-11-04 16:32:07.936066853 -0400 +--- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-11-07 16:15:27.411367691 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-11-07 16:15:27.701367802 -0500 @@ -177,8 +177,11 @@ interface(`uuidd_admin',` type uuidd_var_run_t; ') @@ -3242,7 +3285,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpolicy-3.10.0/policy/modules/services/varnishd.if --- serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-11-04 16:32:07.936066853 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-11-07 16:15:27.702367803 -0500 @@ -155,8 +155,11 @@ interface(`varnishd_admin_varnishlog',` type varnishlog_var_run_t; ') 
@@ -3270,8 +3313,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpoli init_labeled_script_domtrans($1, varnishd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolicy-3.10.0/policy/modules/services/vdagent.if ---- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-11-04 16:32:07.580066172 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-11-04 16:32:07.937066855 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-11-07 16:15:27.413367693 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-11-07 16:15:27.703367804 -0500 @@ -118,8 +118,11 @@ interface(`vdagent_admin',` type vdagent_var_run_t; ') @@ -3286,8 +3329,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolic files_search_pids($1) admin_pattern($1, vdagent_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vhostmd.if ---- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-11-04 16:32:07.581066174 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-11-04 16:32:07.938066856 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-11-07 16:15:27.415367693 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-11-07 16:15:27.703367804 -0500 @@ -210,8 +210,11 @@ interface(`vhostmd_admin',` type vhostmd_t, vhostmd_initrc_exec_t; ') 
@@ -3302,8 +3345,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolic vhostmd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3.10.0/policy/modules/services/virt.if ---- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-11-04 16:32:07.584066180 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-11-04 16:32:07.939066857 -0400 +--- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-11-07 16:15:27.417367693 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-11-07 16:15:27.704367804 -0500 @@ -620,10 +620,14 @@ interface(`virt_admin',` type virt_lxc_t; ') @@ -3331,8 +3374,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3 ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3.10.0/policy/modules/services/virt.te ---- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-11-04 16:32:07.695066392 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-11-04 16:32:07.941066862 -0400 +--- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-11-07 16:15:27.507367728 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-11-07 16:15:27.705367804 -0500 @@ -250,7 +250,7 @@ optional_policy(` # virtd local policy # @@ -3342,7 +3385,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3 allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched }; ifdef(`hide_broken_symptoms',` # caused by some bogus kernel code -@@ -851,7 +851,6 @@ optional_policy(` +@@ -853,7 +853,6 @@ optional_policy(` # virt_lxc_domain local policy # allow svirt_lxc_domain self:capability { kill setuid setgid dac_override }; 
@@ -3351,8 +3394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3 allow virtd_t svirt_lxc_domain:process { signal_perms }; allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill }; diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vnstatd.if ---- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-11-04 16:32:07.587066186 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-11-04 16:32:07.942066864 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-11-07 16:15:27.420367695 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-11-07 16:15:27.706367804 -0500 @@ -136,8 +136,11 @@ interface(`vnstatd_admin',` type vnstatd_t, vnstatd_var_lib_t; ') @@ -3367,8 +3410,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolic files_list_var_lib($1) admin_pattern($1, vnstatd_var_lib_t) diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/wdmd.if ---- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-11-04 16:32:07.589066189 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-11-04 16:32:07.943066866 -0400 +--- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-11-07 16:15:27.423367695 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-11-07 16:15:27.707367804 -0500 @@ -62,8 +62,11 @@ interface(`wdmd_admin',` type wdmd_initrc_exec_t; ') 
@@ -3383,8 +3426,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3 wdmd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolicy-3.10.0/policy/modules/services/xserver.te ---- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-11-04 16:32:07.731066459 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-04 16:32:07.944066868 -0400 +--- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-11-07 16:15:27.536367739 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-07 16:15:27.708367805 -0500 @@ -417,8 +417,13 @@ optional_policy(` # XDM Local policy # @@ -3412,8 +3455,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolic allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow xserver_t self:fd use; diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy-3.10.0/policy/modules/services/zabbix.if ---- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-11-04 16:32:07.597066205 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-11-04 16:32:07.945066870 -0400 +--- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-11-07 16:15:27.429367698 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-11-07 16:15:27.709367806 -0500 @@ -142,8 +142,11 @@ interface(`zabbix_admin',` type zabbix_initrc_exec_t; ') 
@@ -3428,8 +3471,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy init_labeled_script_domtrans($1, zabbix_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-3.10.0/policy/modules/services/zebra.if ---- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-11-04 16:32:07.601066212 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-11-04 16:32:07.946066872 -0400 +--- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-11-07 16:15:27.432367700 -0500 ++++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-11-07 16:15:27.709367806 -0500 @@ -64,8 +64,11 @@ interface(`zebra_admin',` type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t; ') @@ -3444,8 +3487,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy- init_labeled_script_domtrans($1, zebra_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-3.10.0/policy/modules/system/hotplug.te ---- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-11-04 16:32:07.615066238 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-11-04 16:32:07.946066872 -0400 +--- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-11-07 16:15:27.443367703 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-11-07 16:15:27.710367807 -0500 @@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t) # 
@@ -3456,8 +3499,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy- dontaudit hotplug_t self:capability { dac_override dac_read_search }; allow hotplug_t self:process { setpgid getsession getattr signal_perms }; diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.10.0/policy/modules/system/init.if ---- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-11-04 16:32:07.618066244 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-11-04 16:32:07.948066876 -0400 +--- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-11-07 16:15:27.445367705 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-11-07 16:15:27.711367807 -0500 @@ -1123,7 +1123,9 @@ interface(`init_ptrace',` type init_t; ') @@ -3470,8 +3513,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.1 ######################################## diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.10.0/policy/modules/system/init.te ---- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-11-04 16:32:07.732066461 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-04 16:32:07.950066880 -0400 +--- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-11-07 16:15:27.537367740 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-07 16:15:27.712367807 -0500 @@ -121,7 +121,7 @@ ifdef(`enable_mls',` # 
@@ -3492,8 +3535,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.1 allow initrc_t self:passwd rootok; allow initrc_t self:key manage_key_perms; diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.10.0/policy/modules/system/ipsec.te ---- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-11-04 16:32:07.622066252 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-11-04 16:32:07.951066882 -0400 +--- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-11-07 16:15:27.449367705 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-11-07 16:15:27.713367807 -0500 @@ -73,7 +73,7 @@ role system_r types setkey_t; # @@ -3525,8 +3568,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3. domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t) diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.10.0/policy/modules/system/iscsi.te ---- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-11-04 16:32:07.625066258 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-11-04 16:32:07.952066884 -0400 +--- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-11-07 16:15:27.451367707 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-11-07 16:15:27.714367807 -0500 @@ -31,7 +31,6 @@ files_pid_file(iscsi_var_run_t) # 
@@ -3536,8 +3579,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3. allow iscsid_t self:fifo_file rw_fifo_file_perms; allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpolicy-3.10.0/policy/modules/system/locallogin.te ---- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-11-04 16:32:07.630066268 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-11-04 16:32:07.953066886 -0400 +--- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-11-07 16:15:27.455367708 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-11-07 16:15:27.715367807 -0500 @@ -35,7 +35,7 @@ role system_r types sulogin_t; # Local login local policy # @@ -3548,8 +3591,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpoli allow local_login_t self:fd use; allow local_login_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-3.10.0/policy/modules/system/logging.if ---- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-11-04 16:32:07.632066271 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-11-04 16:32:07.954066888 -0400 +--- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-11-07 16:15:27.457367709 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-11-07 16:15:27.716367808 -0500 @@ -1095,9 +1095,13 @@ interface(`logging_admin_audit',` type auditd_initrc_exec_t; ') 
@@ -3583,8 +3626,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy- manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t) manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.10.0/policy/modules/system/mount.te ---- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-11-04 16:32:07.643066293 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-11-04 16:32:07.954066888 -0400 +--- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-11-07 16:15:27.466367713 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-11-07 16:15:27.717367809 -0500 @@ -48,7 +48,11 @@ role system_r types showmount_t; # setuid/setgid needed to mount cifs @@ -3599,8 +3642,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3. allow mount_t self:unix_stream_socket create_stream_socket_perms; allow mount_t self:unix_dgram_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpolicy-3.10.0/policy/modules/system/sysnetwork.te ---- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-11-04 16:32:07.654066313 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-11-04 16:32:07.955066890 -0400 +--- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-11-07 16:15:27.474367716 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-11-07 16:15:27.717367809 -0500 @@ -51,10 +51,13 @@ files_config_file(net_conf_t) # DHCP client local policy # 
@@ -3618,8 +3661,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpoli allow dhcpc_t self:fifo_file rw_fifo_file_perms; allow dhcpc_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.10.0/policy/modules/system/udev.te ---- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-11-04 16:32:07.659066323 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-11-04 16:32:07.956066892 -0400 +--- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-11-07 16:15:27.478367717 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-11-07 16:15:27.718367810 -0500 @@ -34,7 +34,7 @@ ifdef(`enable_mcs',` # Local policy # @@ -3643,8 +3686,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.1 allow udev_t self:fd use; allow udev_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpolicy-3.10.0/policy/modules/system/unconfined.if ---- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-11-04 16:32:07.680066363 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-11-04 16:32:07.957066893 -0400 +--- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-11-07 16:15:27.495367723 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-11-07 16:15:27.719367810 -0500 @@ -18,7 +18,12 @@ interface(`unconfined_domain_noaudit',` ') 
@@ -3660,8 +3703,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpoli allow $1 self:fifo_file { manage_fifo_file_perms relabelfrom relabelto }; diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpolicy-3.10.0/policy/modules/system/userdomain.if ---- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-11-04 16:32:07.735066469 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-04 16:32:07.960066899 -0400 +--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-11-07 16:15:27.539367741 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-07 16:15:27.721367810 -0500 @@ -47,7 +47,10 @@ template(`userdom_base_user_template',` term_user_tty($1_t, user_tty_device_t) term_dontaudit_getattr_generic_ptys($1_t) @@ -3707,8 +3750,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpoli ######################################## diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace serefpolicy-3.10.0/policy/modules/system/xen.te ---- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-11-04 16:32:07.669066342 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-11-04 16:32:07.961066900 -0400 +--- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-11-07 16:15:27.487367720 -0500 ++++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-11-07 16:15:27.721367810 -0500 @@ -206,7 +206,6 @@ tunable_policy(`xend_run_qemu',` # diff --git a/selinux-policy.spec b/selinux-policy.spec index 01633d5..02f9a52 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.10.0 -Release: 54%{?dist} +Release: 55%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -219,7 +219,7 @@ fi; if [ -e /etc/selinux/%2/.rebuild ]; then \ rm /etc/selinux/%2/.rebuild; \ if [ %1 -ne 1 ]; then \ - /usr/sbin/semodule -n -s %2 -r ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \ + /usr/sbin/semodule -n -s %2 -r execmem openoffice ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \ fi \ rm -f /etc/selinux/%2/modules/active/modules/qemu.pp \ /usr/sbin/semodule -B -s %2; \ @@ -483,7 +483,21 @@ SELinux Reference policy mls base module. %endif %changelog -* Fri Nov 4 2011 Miroslav Grepl 3.10.0-54 +* Mon Nov 7 2011 Miroslav Grepl 3.10.0-55 +- Add more MCS fixes to make sandbox working +- Make faillog MLS trusted to make sudo_$1_t working +- Allow sandbox_web_client_t to read passwd_file_t +- Add .mailrc file context +- Remove execheap from openoffice domain +- Allow chrome_sandbox_nacl_t to read cpu_info +- Allow virtd to relabel generic usb which is need if USB device +- Fixes for virt.if interfaces to consider chr_file as image file type + +* Fri Nov 5 2011 Dan Walsh 3.10.0-54.1 +- Remove Open Office policy +- Remove execmem policy + +* Fri Nov 5 2011 Miroslav Grepl 3.10.0-54 - MCS fixes - quota fixes