From 38087df72c3a3dbcf0458ca53144d3b79db5e99d Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Oct 27 2011 18:06:19 +0000 Subject: Begin removing qemu_t domain, we really no longer need this domain. systemd_passwd needs dac_overide to communicate with users TTY's Allow svirt_lxc domains to send kill signals within their container --- diff --git a/ptrace.patch b/ptrace.patch index 7b71930..80ea999 100644 --- a/ptrace.patch +++ b/ptrace.patch @@ -1,6 +1,6 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/policy/global_tunables ---- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-10-14 09:46:28.474535144 -0400 -+++ serefpolicy-3.10.0/policy/global_tunables 2011-10-14 09:46:29.088523377 -0400 +--- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-10-27 13:59:12.663914505 -0400 ++++ serefpolicy-3.10.0/policy/global_tunables 2011-10-27 13:59:14.005913486 -0400 @@ -6,6 +6,13 @@ ## @@ -16,8 +16,8 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/pol ##

## diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kdump.if ---- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-10-14 09:46:28.489534857 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-10-14 09:46:29.089523358 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-10-27 13:59:12.698914478 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-10-27 13:59:14.006913485 -0400 @@ -140,8 +140,11 @@ interface(`kdump_admin',` type kdump_initrc_exec_t; ') @@ -33,7 +33,7 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.1 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kismet.if --- serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-10-14 09:46:29.090523338 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-10-27 13:59:14.008913483 -0400 @@ -239,7 +239,10 @@ interface(`kismet_admin',` ') @@ -47,8 +47,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3. kismet_manage_pid_files($1) kismet_manage_lib($1) diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.10.0/policy/modules/admin/kudzu.te ---- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-10-14 09:46:28.491534818 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-10-14 09:46:29.090523338 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-10-27 13:59:12.702914477 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-10-27 13:59:14.009913482 -0400 @@ -20,7 +20,7 @@ files_pid_file(kudzu_var_run_t) # Local policy # @@ -59,8 +59,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.1 allow kudzu_t self:process { signal_perms execmem }; allow kudzu_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy-3.10.0/policy/modules/admin/logrotate.te ---- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-10-14 09:46:28.492534798 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-10-14 09:46:29.091523318 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-10-27 13:59:12.703914476 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-10-27 13:59:14.011913480 -0400 @@ -30,8 +30,6 @@ files_type(logrotate_var_lib_t) # Change ownership on log files. @@ -71,8 +71,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3.10.0/policy/modules/admin/ncftool.te ---- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-10-14 09:46:28.496534722 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-10-14 09:46:29.091523318 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-10-27 13:59:12.714914466 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-10-27 13:59:14.012913479 -0400 @@ -17,8 +17,7 @@ role system_r types ncftool_t; # ncftool local policy # @@ -84,9 +84,9 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3 allow ncftool_t self:fifo_file manage_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te ---- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-14 09:46:29.029524505 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-14 09:46:29.092523299 -0400 -@@ -248,7 +248,8 @@ optional_policy(` +--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-27 13:59:13.896913569 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-27 13:59:14.014913477 -0400 +@@ -250,7 +250,8 @@ optional_policy(` # rpm-script Local policy # @@ -97,8 +97,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10. allow rpm_script_t self:fd use; allow rpm_script_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sectoolm.te ---- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-10-14 09:46:28.510534454 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-10-14 09:46:29.093523281 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-10-27 13:59:12.745914442 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-10-27 13:59:14.015913476 -0400 @@ -23,7 +23,7 @@ files_tmp_file(sectool_tmp_t) # sectool local policy # @@ -109,8 +109,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy- dontaudit sectoolm_t self:process { execstack execmem }; allow sectoolm_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.if ---- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-10-14 09:46:28.511534435 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-10-14 09:46:29.093523281 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-10-27 13:59:12.746914442 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-10-27 13:59:14.016913475 -0400 @@ -139,8 +139,11 @@ interface(`shorewall_admin',` type shorewall_tmp_t, shorewall_etc_t; ') @@ -125,8 +125,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy init_labeled_script_domtrans($1, shorewall_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.te ---- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-10-14 09:46:28.511534435 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-10-14 09:46:29.094523262 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-10-27 13:59:12.747914442 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-10-27 13:59:14.018913475 -0400 @@ -37,7 +37,7 @@ logging_log_file(shorewall_log_t) # shorewall local policy # @@ -137,8 +137,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy allow shorewall_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sosreport.te ---- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-10-14 09:46:28.514534377 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-10-14 09:46:29.095523243 -0400 +--- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-10-27 13:59:12.760914431 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-10-27 13:59:14.019913475 -0400 @@ -21,7 +21,7 @@ files_tmpfs_file(sosreport_tmpfs_t) # sosreport local policy # @@ -149,9 +149,9 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy allow sosreport_t self:fifo_file rw_fifo_file_perms; allow sosreport_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolicy-3.10.0/policy/modules/admin/usermanage.te ---- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-10-14 09:46:29.055524007 -0400 -+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-14 09:46:29.095523243 -0400 -@@ -435,7 +435,8 @@ optional_policy(` +--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-10-27 13:59:13.940913534 -0400 ++++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-27 13:59:14.020913474 -0400 +@@ -439,7 +439,8 @@ optional_policy(` # Useradd local policy # @@ -162,9 +162,9 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolic allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow useradd_t self:process setfscreate; diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.10.0/policy/modules/apps/chrome.te ---- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-10-14 09:46:28.528534108 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-10-14 09:46:29.096523224 -0400 -@@ -21,7 +21,7 @@ ubac_constrained(chrome_sandbox_tmpfs_t) +--- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-10-27 13:59:12.787914412 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-10-27 13:59:14.022913472 -0400 +@@ -26,7 +26,7 @@ role system_r types chrome_sandbox_nacl_ # # chrome_sandbox local policy # @@ -174,8 +174,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.1 allow chrome_sandbox_t self:process setsched; allow chrome_sandbox_t self:fifo_file manage_file_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.10.0/policy/modules/apps/execmem.if ---- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-10-14 09:46:29.056523988 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-14 09:46:29.097523205 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-10-27 13:59:13.941913534 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-27 13:59:14.023913471 -0400 @@ -59,7 +59,7 @@ template(`execmem_role_template',` userdom_unpriv_usertype($1, $1_execmem_t) @@ -186,8 +186,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3. files_execmod_tmp($1_execmem_t) diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10.0/policy/modules/apps/gnome.if ---- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-10-14 09:46:28.534533994 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-10-14 09:46:29.098523186 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-10-27 13:59:12.804914399 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-10-27 13:59:14.030913464 -0400 @@ -91,8 +91,7 @@ interface(`gnome_role_gkeyringd',` auth_use_nsswitch($1_gkeyringd_t) @@ -199,8 +199,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10 stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t) diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0/policy/modules/apps/irc.if ---- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-10-14 09:46:28.538533917 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-10-14 09:46:29.099523167 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-10-27 13:59:12.812914392 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-10-27 13:59:14.031913464 -0400 @@ -33,7 +33,7 @@ interface(`irc_role',` domtrans_pattern($2, irssi_exec_t, irssi_t) @@ -211,8 +211,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0 manage_dirs_pattern($2, irssi_home_t, irssi_home_t) diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.0/policy/modules/apps/java.if ---- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-10-14 09:46:29.056523988 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-14 09:46:29.099523167 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-10-27 13:59:13.943913533 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-27 13:59:14.032913464 -0400 @@ -76,11 +76,11 @@ template(`java_role_template',` userdom_manage_tmpfs_role($2) userdom_manage_tmpfs($1_java_t) @@ -228,8 +228,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10. domtrans_pattern($3, java_exec_t, $1_java_t) diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0/policy/modules/apps/kde.te ---- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-10-14 09:46:28.542533840 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-10-14 09:46:29.100523148 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-10-27 13:59:12.820914387 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-10-27 13:59:14.034913464 -0400 @@ -13,9 +13,6 @@ dbus_system_domain(kdebacklighthelper_t, # # backlighthelper local policy @@ -241,8 +241,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0 kernel_read_system_state(kdebacklighthelper_t) diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.10.0/policy/modules/apps/livecd.te ---- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-10-14 09:46:28.543533821 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-10-14 09:46:29.100523148 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-10-27 13:59:12.825914382 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-10-27 13:59:14.036913462 -0400 @@ -20,7 +20,10 @@ files_tmp_file(livecd_tmp_t) dontaudit livecd_t self:capability2 mac_admin; @@ -256,8 +256,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.1 manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.if ---- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-10-14 09:46:29.057523969 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-14 09:46:29.101523129 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-10-27 13:59:13.944913532 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-27 13:59:14.037913461 -0400 @@ -40,8 +40,8 @@ template(`mono_role_template',` domain_interactive_fd($1_mono_t) application_type($1_mono_t) @@ -271,7 +271,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10. diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.te --- serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-10-14 09:46:29.101523129 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-10-27 13:59:14.039913459 -0400 @@ -15,7 +15,7 @@ init_system_domain(mono_t, mono_exec_t) # Local policy # @@ -282,8 +282,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10. init_dbus_chat_script(mono_t) diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.if ---- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-10-14 09:46:29.058523950 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-14 09:46:29.102523109 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-10-27 13:59:13.945913531 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-27 13:59:14.040913458 -0400 @@ -221,7 +221,7 @@ interface(`mozilla_domtrans_plugin',` allow mozilla_plugin_t $1:sem create_sem_perms; @@ -294,8 +294,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.te ---- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-10-14 09:46:29.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-14 09:47:46.696136674 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-10-27 13:59:13.902913563 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-27 13:59:14.042913456 -0400 @@ -301,7 +301,7 @@ optional_policy(` # mozilla_plugin local policy # @@ -306,8 +306,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3. allow mozilla_plugin_t self:process { setsched signal_perms execmem }; allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.if ---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-10-14 09:46:29.058523950 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-14 09:46:29.104523070 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-10-27 13:59:13.947913529 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-27 13:59:14.043913455 -0400 @@ -93,7 +93,7 @@ ifdef(`hide_broken_symptoms', ` dontaudit nsplugin_t $2:shm destroy; allow $2 nsplugin_t:sem rw_sem_perms; @@ -318,8 +318,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3 # Connect to pulseaudit server diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.te ---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-10-14 09:46:29.059523931 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-14 09:46:29.105523050 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-10-27 13:59:13.948913528 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-27 13:59:14.045913453 -0400 @@ -54,7 +54,7 @@ application_executable_file(nsplugin_con # dontaudit nsplugin_t self:capability { sys_nice sys_tty_config }; @@ -330,8 +330,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3 allow nsplugin_t self:sem create_sem_perms; allow nsplugin_t self:shm create_shm_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy-3.10.0/policy/modules/apps/openoffice.if ---- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-10-14 09:46:28.555533591 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-10-14 09:46:29.105523050 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-10-27 13:59:12.847914364 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-10-27 13:59:14.046913452 -0400 @@ -69,7 +69,7 @@ interface(`openoffice_role_template',` allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack }; @@ -342,8 +342,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t) diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-3.10.0/policy/modules/apps/podsleuth.te ---- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-10-14 09:46:29.035524391 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-14 09:46:29.106523031 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-10-27 13:59:13.903913562 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-27 13:59:14.047913451 -0400 @@ -27,7 +27,8 @@ ubac_constrained(podsleuth_tmpfs_t) # podsleuth local policy # @@ -356,7 +356,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy- allow podsleuth_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.if --- serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-10-14 09:46:29.107523012 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-10-27 13:59:14.049913451 -0400 @@ -31,9 +31,9 @@ interface(`uml_role',` allow $2 uml_t:unix_dgram_socket sendto; allow uml_t $2:unix_dgram_socket sendto; @@ -370,8 +370,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0 allow $2 uml_ro_t:dir list_dir_perms; read_files_pattern($2, uml_ro_t, uml_ro_t) diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.te ---- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-10-14 09:46:28.569533323 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-10-14 09:46:29.107523012 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-10-27 13:59:12.879914342 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-10-27 13:59:14.050913451 -0400 @@ -53,7 +53,7 @@ files_pid_file(uml_switch_var_run_t) # @@ -382,8 +382,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0 allow uml_t self:unix_dgram_socket create_socket_perms; # Use the network. diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.0/policy/modules/apps/wine.if ---- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-10-14 09:46:29.062523874 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-14 09:46:29.109522974 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-10-27 13:59:13.955913521 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-27 13:59:14.056913446 -0400 @@ -100,7 +100,7 @@ template(`wine_role_template',` role $2 types $1_wine_t; @@ -394,8 +394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10. corecmd_bin_domtrans($1_wine_t, $1_t) diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/domain.te ---- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-10-14 09:46:28.592532882 -0400 -+++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-10-14 09:48:15.824664136 -0400 +--- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-10-27 13:59:12.928914305 -0400 ++++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-10-27 13:59:14.057913445 -0400 @@ -181,7 +181,10 @@ allow unconfined_domain_type domain:fifo allow unconfined_domain_type unconfined_domain_type:dbus send_msg; @@ -408,14 +408,14 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3 # Create/access any System V IPC objects. allow unconfined_domain_type domain:{ sem msgq shm } *; -@@ -314,3 +317,4 @@ optional_policy(` +@@ -316,3 +319,4 @@ optional_policy(` ') dontaudit domain domain:process { noatsecure siginh rlimitinh } ; +dontaudit domain self:capability sys_ptrace; diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/kernel.te ---- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-10-14 09:46:28.603532671 -0400 -+++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-10-14 09:46:29.111522936 -0400 +--- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-10-27 13:59:12.954914285 -0400 ++++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-10-27 13:59:14.058913444 -0400 @@ -191,7 +191,11 @@ sid tcp_socket gen_context(system_u:obj # kernel local policy # @@ -439,8 +439,8 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3 gen_require(` bool secure_mode_insmod; diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/dbadm.te ---- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-10-14 09:46:28.612532498 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-10-14 09:46:29.112522917 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-10-27 13:59:12.976914267 -0400 ++++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-10-27 13:59:14.059913443 -0400 @@ -28,7 +28,7 @@ userdom_base_user_template(dbadm) # database admin local policy # @@ -452,7 +452,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.1 files_delete_generic_locks(dbadm_t) diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/logadm.te --- serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-10-14 09:46:29.113522898 -0400 ++++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-10-27 13:59:14.060913442 -0400 @@ -14,6 +14,5 @@ userdom_base_user_template(logadm) # logadmin local policy # @@ -462,8 +462,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3. +allow logadm_t self:capability { dac_override dac_read_search kill sys_nice }; logging_admin(logadm_t, logadm_r) diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/sysadm.te ---- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-10-14 09:46:29.064523836 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-14 09:46:29.114522879 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-10-27 13:59:13.958913521 -0400 ++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-27 13:59:14.061913441 -0400 @@ -5,13 +5,6 @@ policy_module(sysadm, 2.2.1) # Declarations # @@ -478,7 +478,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3. role sysadm_r; userdom_admin_user_template(sysadm) -@@ -86,7 +79,7 @@ ifndef(`enable_mls',` +@@ -91,7 +84,7 @@ ifndef(`enable_mls',` logging_stream_connect_syslog(sysadm_t) ') @@ -488,8 +488,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3. ') diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/webadm.te ---- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-10-14 09:46:28.618532384 -0400 -+++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-10-14 09:46:29.115522860 -0400 +--- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-10-27 13:59:12.989914257 -0400 ++++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-10-27 13:59:14.063913440 -0400 @@ -28,7 +28,7 @@ userdom_base_user_template(webadm) # webadmin local policy # @@ -500,9 +500,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3. files_dontaudit_search_all_dirs(webadm_t) files_manage_generic_locks(webadm_t) diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3.10.0/policy/modules/services/abrt.if ---- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-10-14 09:46:28.620532345 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-10-14 09:46:29.115522860 -0400 -@@ -333,9 +333,13 @@ interface(`abrt_admin',` +--- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-10-27 13:59:12.993914253 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-10-27 13:59:14.065913440 -0400 +@@ -335,9 +335,13 @@ interface(`abrt_admin',` type abrt_initrc_exec_t; ') @@ -518,8 +518,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3 domain_system_change_exemption($1) role_transition $2 abrt_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.if ---- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-10-14 09:46:28.622532306 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-10-14 09:46:29.116522841 -0400 +--- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-10-27 13:59:12.997914253 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-10-27 13:59:14.066913439 -0400 @@ -138,8 +138,12 @@ interface(`accountsd_admin',` type accountsd_t; ') @@ -535,8 +535,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpol accountsd_manage_lib_files($1) ') diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.te ---- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-10-14 09:46:28.623532287 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-10-14 09:46:29.117522822 -0400 +--- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-10-27 13:59:12.999914251 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-10-27 13:59:14.069913436 -0400 @@ -19,7 +19,7 @@ files_type(accountsd_var_lib_t) # accountsd local policy # @@ -547,8 +547,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpol allow accountsd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.10.0/policy/modules/services/afs.if ---- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-10-14 09:46:28.623532287 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-10-14 09:46:29.117522822 -0400 +--- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-10-27 13:59:13.000914250 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-10-27 13:59:14.070913435 -0400 @@ -97,9 +97,13 @@ interface(`afs_admin',` type afs_t, afs_initrc_exec_t; ') @@ -566,7 +566,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3. domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-3.10.0/policy/modules/services/aiccu.if --- serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-10-14 09:46:29.118522803 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-10-27 13:59:14.072913433 -0400 @@ -79,9 +79,13 @@ interface(`aiccu_admin',` type aiccu_var_run_t; ') @@ -583,8 +583,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 aiccu_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3.10.0/policy/modules/services/aide.if ---- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-10-14 09:46:28.626532230 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-10-14 09:46:29.119522783 -0400 +--- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-10-27 13:59:13.005914245 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-10-27 13:59:14.074913431 -0400 @@ -61,9 +61,13 @@ interface(`aide_admin',` type aide_t, aide_db_t, aide_log_t; ') @@ -601,8 +601,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3 admin_pattern($1, aide_db_t) diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolicy-3.10.0/policy/modules/services/aisexec.if ---- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-10-14 09:46:28.627532211 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-10-14 09:46:29.119522783 -0400 +--- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-10-27 13:59:13.008914242 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-10-27 13:59:14.075913430 -0400 @@ -82,9 +82,13 @@ interface(`aisexecd_admin',` type aisexec_initrc_exec_t; ') @@ -619,8 +619,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 aisexec_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpolicy-3.10.0/policy/modules/services/ajaxterm.if ---- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-10-14 09:46:28.628532192 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-10-14 09:46:29.120522763 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-10-27 13:59:13.012914240 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-10-27 13:59:14.077913429 -0400 @@ -76,9 +76,13 @@ interface(`ajaxterm_admin',` type ajaxterm_t, ajaxterm_initrc_exec_t; ') @@ -638,7 +638,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpoli role_transition $2 ajaxterm_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy-3.10.0/policy/modules/services/amavis.if --- serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-10-14 09:46:29.121522744 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-10-27 13:59:14.078913429 -0400 @@ -231,9 +231,13 @@ interface(`amavis_admin',` type amavis_initrc_exec_t; ') @@ -655,8 +655,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy domain_system_change_exemption($1) role_transition $2 amavis_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy-3.10.0/policy/modules/services/apache.if ---- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-10-14 09:46:29.079523549 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-10-14 09:46:29.122522725 -0400 +--- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-10-27 13:59:13.988913499 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-10-27 13:59:14.081913428 -0400 @@ -1297,9 +1297,13 @@ interface(`apache_admin',` type httpd_unit_file_t; ') @@ -674,7 +674,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy role_transition $2 httpd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/apcupsd.if --- serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-10-14 09:46:29.123522706 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-10-27 13:59:14.082913427 -0400 @@ -146,9 +146,13 @@ interface(`apcupsd_admin',` type apcupsd_initrc_exec_t; ') @@ -691,8 +691,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 apcupsd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.10.0/policy/modules/services/apm.te ---- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-10-14 09:46:28.636532038 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-10-14 09:46:29.123522706 -0400 +--- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-10-27 13:59:13.030914227 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-10-27 13:59:14.084913425 -0400 @@ -60,7 +60,7 @@ logging_send_syslog_msg(apm_t) # mknod: controlling an orderly resume of PCMCIA requires creating device # nodes 254,{0,1,2} for some reason. @@ -703,8 +703,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3. allow apmd_t self:fifo_file rw_fifo_file_perms; allow apmd_t self:netlink_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpolicy-3.10.0/policy/modules/services/arpwatch.if ---- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-10-14 09:46:28.636532038 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-10-14 09:46:29.124522687 -0400 +--- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-10-27 13:59:13.032914225 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-10-27 13:59:14.086913423 -0400 @@ -137,9 +137,13 @@ interface(`arpwatch_admin',` type arpwatch_initrc_exec_t; ') @@ -721,8 +721,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 arpwatch_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpolicy-3.10.0/policy/modules/services/asterisk.if ---- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-10-14 09:46:28.638532000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-10-14 09:46:29.125522668 -0400 +--- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-10-27 13:59:13.034914223 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-10-27 13:59:14.087913422 -0400 @@ -64,9 +64,13 @@ interface(`asterisk_admin',` type asterisk_initrc_exec_t; ') @@ -739,8 +739,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 asterisk_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpolicy-3.10.0/policy/modules/services/automount.if ---- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-10-14 09:46:28.640531962 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-10-14 09:46:29.125522668 -0400 +--- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-10-27 13:59:13.038914219 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-10-27 13:59:14.089913420 -0400 @@ -150,9 +150,13 @@ interface(`automount_admin',` type automount_var_run_t, automount_initrc_exec_t; ') @@ -757,8 +757,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 automount_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-3.10.0/policy/modules/services/avahi.if ---- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-10-14 09:46:28.641531943 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-10-14 09:46:29.126522649 -0400 +--- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-10-27 13:59:13.042914218 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-10-27 13:59:14.091913418 -0400 @@ -154,9 +154,13 @@ interface(`avahi_admin',` type avahi_t, avahi_var_run_t, avahi_initrc_exec_t; ') @@ -775,8 +775,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 avahi_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3.10.0/policy/modules/services/bind.if ---- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-10-14 09:46:28.643531904 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-10-14 09:46:29.127522630 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-10-27 13:59:13.046914215 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-10-27 13:59:14.093913416 -0400 @@ -408,12 +408,20 @@ interface(`bind_admin',` type dnssec_t, ndc_t, named_keytab_t; ') @@ -802,7 +802,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, named_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolicy-3.10.0/policy/modules/services/bitlbee.if --- serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-10-14 09:46:29.127522630 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-10-27 13:59:14.095913416 -0400 @@ -43,9 +43,13 @@ interface(`bitlbee_admin',` type bitlbee_initrc_exec_t; ') @@ -819,8 +819,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 bitlbee_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpolicy-3.10.0/policy/modules/services/bluetooth.if ---- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-10-14 09:46:28.645531865 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-10-14 09:46:29.128522611 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-10-27 13:59:13.051914210 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-10-27 13:59:14.096913416 -0400 @@ -28,7 +28,11 @@ interface(`bluetooth_role',` # allow ps to show cdrecord and allow the user to kill it @@ -850,8 +850,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 bluetooth_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.if ---- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-10-14 09:46:28.648531808 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-10-14 09:46:29.129522592 -0400 +--- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-10-27 13:59:13.055914206 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-10-27 13:59:14.098913415 -0400 @@ -137,9 +137,13 @@ interface(`boinc_admin',` type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t; ') @@ -868,8 +868,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 boinc_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.te ---- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-10-14 09:46:29.039524313 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-14 09:46:29.130522573 -0400 +--- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-10-27 13:59:13.912913556 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-27 13:59:14.100913413 -0400 @@ -121,9 +121,13 @@ mta_send_mail(boinc_t) domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t) allow boinc_t boinc_project_t:process sigkill; @@ -886,8 +886,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy- allow boinc_project_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpolicy-3.10.0/policy/modules/services/bugzilla.if ---- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-10-14 09:46:28.649531789 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-10-14 09:46:29.130522573 -0400 +--- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-10-27 13:59:13.059914205 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-10-27 13:59:14.101913412 -0400 @@ -62,9 +62,13 @@ interface(`bugzilla_admin',` type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t; ') @@ -904,8 +904,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpoli admin_pattern($1, httpd_bugzilla_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpolicy-3.10.0/policy/modules/services/callweaver.if ---- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-10-14 09:46:28.652531732 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-10-14 09:46:29.131522554 -0400 +--- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-10-27 13:59:13.068914197 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-10-27 13:59:14.103913410 -0400 @@ -336,9 +336,13 @@ interface(`callweaver_admin',` type callweaver_spool_t; ') @@ -923,7 +923,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpo role_transition $2 callweaver_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-3.10.0/policy/modules/services/canna.if --- serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-10-14 09:46:29.132522535 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-10-27 13:59:14.105913408 -0400 @@ -42,9 +42,13 @@ interface(`canna_admin',` type canna_var_run_t, canna_initrc_exec_t; ') @@ -940,8 +940,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 canna_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmaster.if ---- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-10-14 09:46:28.656531654 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-10-14 09:46:29.132522535 -0400 +--- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-10-27 13:59:13.075914193 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-10-27 13:59:14.106913407 -0400 @@ -119,9 +119,13 @@ interface(`certmaster_admin',` type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t; ') @@ -958,8 +958,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpo domain_system_change_exemption($1) role_transition $2 certmaster_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmonger.if ---- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-10-14 09:46:28.657531635 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-10-14 09:46:29.133522515 -0400 +--- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-10-27 13:59:13.078914190 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-10-27 13:59:14.108913405 -0400 @@ -158,7 +158,11 @@ interface(`certmonger_admin',` ') @@ -974,8 +974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpo # Allow certmonger_t to restart the apache service certmonger_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.if ---- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-10-14 09:46:28.660531578 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-10-14 09:46:29.134522495 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-10-27 13:59:13.083914185 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-10-27 13:59:14.110913405 -0400 @@ -171,15 +171,27 @@ interface(`cgroup_admin',` type cgrules_etc_t, cgclear_t; ') @@ -1008,8 +1008,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy admin_pattern($1, cgrules_etc_t) files_list_etc($1) diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.te ---- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-10-14 09:46:28.660531578 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-10-14 09:46:29.134522495 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-10-27 13:59:13.086914183 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-10-27 13:59:14.111913404 -0400 @@ -76,7 +76,8 @@ fs_unmount_cgroup(cgconfig_t) # cgred personal policy. # @@ -1021,8 +1021,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy allow cgred_t self:unix_dgram_socket { write create connect }; diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/chronyd.if ---- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-10-14 09:46:28.661531559 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-10-14 09:46:29.135522476 -0400 +--- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-10-27 13:59:13.089914183 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-10-27 13:59:14.114913401 -0400 @@ -217,9 +217,13 @@ interface(`chronyd_admin',` type chronyd_keys_t; ') @@ -1039,8 +1039,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolic domain_system_change_exemption($1) role_transition $2 chronyd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy-3.10.0/policy/modules/services/clamav.if ---- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-10-14 09:46:28.664531502 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-10-14 09:46:29.135522476 -0400 +--- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-10-27 13:59:13.093914179 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-10-27 13:59:14.116913399 -0400 @@ -176,13 +176,19 @@ interface(`clamav_admin',` type freshclam_t, freshclam_var_log_t; ') @@ -1065,8 +1065,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy init_labeled_script_domtrans($1, clamd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpolicy-3.10.0/policy/modules/services/cmirrord.if ---- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-10-14 09:46:28.668531424 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-10-14 09:46:29.136522457 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-10-27 13:59:13.104914170 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-10-27 13:59:14.117913398 -0400 @@ -101,9 +101,13 @@ interface(`cmirrord_admin',` type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t; ') @@ -1083,8 +1083,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 cmirrord_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.if ---- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-10-14 09:46:28.669531405 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-10-14 09:46:29.137522438 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-10-27 13:59:13.109914167 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-10-27 13:59:14.119913397 -0400 @@ -189,9 +189,13 @@ interface(`cobblerd_admin',` type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t; ') @@ -1101,8 +1101,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolic admin_pattern($1, cobbler_etc_t) diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.te ---- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-10-14 09:46:28.670531386 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-10-14 09:46:29.138522419 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-10-27 13:59:13.110914166 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-10-27 13:59:14.121913397 -0400 @@ -60,7 +60,7 @@ files_tmp_file(cobbler_tmp_t) # @@ -1113,8 +1113,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolic allow cobblerd_t self:process { getsched setsched signal }; allow cobblerd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpolicy-3.10.0/policy/modules/services/collectd.if ---- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-10-14 09:46:28.671531367 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-10-14 09:46:29.139522400 -0400 +--- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-10-27 13:59:13.113914163 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-10-27 13:59:14.123913396 -0400 @@ -142,9 +142,13 @@ interface(`collectd_admin',` type collectd_var_lib_t; ') @@ -1131,8 +1131,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 collectd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/consolekit.te ---- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-10-14 09:46:28.673531329 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-10-14 09:46:29.140522381 -0400 +--- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-10-27 13:59:13.118914159 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-10-27 13:59:14.124913395 -0400 @@ -23,7 +23,8 @@ files_tmpfs_file(consolekit_tmpfs_t) # consolekit local policy # @@ -1154,8 +1154,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpo unconfined_stream_connect(consolekit_t) ') diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.if ---- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-10-14 09:46:28.674531310 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-10-14 09:46:29.141522362 -0400 +--- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-10-27 13:59:13.121914158 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-10-27 13:59:14.126913393 -0400 @@ -101,9 +101,13 @@ interface(`corosyncd_admin',` type corosync_initrc_exec_t; ') @@ -1172,8 +1172,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 corosync_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.te ---- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-10-14 09:46:28.675531291 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-10-14 09:46:29.142522343 -0400 +--- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-10-27 13:59:13.122914157 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-10-27 13:59:14.127913392 -0400 @@ -33,7 +33,7 @@ files_pid_file(corosync_var_run_t) # corosync local policy # @@ -1184,8 +1184,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpoli allow corosync_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3.10.0/policy/modules/services/cron.if ---- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-10-14 09:46:28.679531213 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-10-14 09:46:29.143522324 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-10-27 13:59:13.133914148 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-10-27 13:59:14.130913389 -0400 @@ -140,7 +140,11 @@ interface(`cron_role',` # crontab shows up in user ps @@ -1224,8 +1224,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3 # Run helper programs as the user domain #corecmd_bin_domtrans(admin_crontab_t, $2) diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3.10.0/policy/modules/services/cron.te ---- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-10-14 09:46:29.040524294 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-14 09:46:29.145522286 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-10-27 13:59:13.915913554 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-27 13:59:14.132913387 -0400 @@ -350,7 +350,6 @@ optional_policy(` # @@ -1235,8 +1235,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3 allow system_cronjob_t self:process { signal_perms getsched setsched }; allow system_cronjob_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.if ---- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-10-14 09:46:28.681531175 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-10-14 09:46:29.146522267 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-10-27 13:59:13.138914145 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-10-27 13:59:14.134913386 -0400 @@ -236,8 +236,11 @@ interface(`ctdbd_admin',` type ctdbd_log_t, ctdbd_var_lib_t, ctdbd_var_run_t; ') @@ -1251,8 +1251,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy- ctdbd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.te ---- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-10-14 09:46:28.682531156 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-10-14 09:46:29.146522267 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-10-27 13:59:13.140914143 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-10-27 13:59:14.135913386 -0400 @@ -33,7 +33,7 @@ files_pid_file(ctdbd_var_run_t) # ctdbd local policy # @@ -1263,8 +1263,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy- allow ctdbd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3.10.0/policy/modules/services/cups.if ---- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-10-14 09:46:28.683531137 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-10-14 09:46:29.147522248 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-10-27 13:59:13.142914141 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-10-27 13:59:14.137913384 -0400 @@ -327,9 +327,13 @@ interface(`cups_admin',` type ptal_var_run_t; ') @@ -1281,8 +1281,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3 domain_system_change_exemption($1) role_transition $2 cupsd_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.10.0/policy/modules/services/cvs.if ---- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-10-14 09:46:28.685531099 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-10-14 09:46:29.148522228 -0400 +--- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-10-27 13:59:13.146914137 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-10-27 13:59:14.139913382 -0400 @@ -80,9 +80,13 @@ interface(`cvs_admin',` type cvs_data_t, cvs_var_run_t; ') @@ -1300,7 +1300,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3. domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-3.10.0/policy/modules/services/cyrus.if --- serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-10-14 09:46:29.148522228 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-10-27 13:59:14.140913381 -0400 @@ -62,9 +62,13 @@ interface(`cyrus_admin',` type cyrus_var_run_t, cyrus_initrc_exec_t; ') @@ -1317,8 +1317,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy- domain_system_change_exemption($1) role_transition $2 cyrus_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3.10.0/policy/modules/services/dbus.if ---- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-10-14 09:46:28.690531003 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-10-14 09:46:29.149522208 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-10-27 13:59:13.157914130 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-10-27 13:59:14.142913379 -0400 @@ -71,7 +71,11 @@ template(`dbus_role_template',` domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t) @@ -1333,8 +1333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3 # cjp: this seems very broken corecmd_bin_domtrans($1_dbusd_t, $1_t) diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpolicy-3.10.0/policy/modules/services/ddclient.if ---- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-10-14 09:46:28.693530945 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-10-14 09:46:29.150522189 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-10-27 13:59:13.163914124 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-10-27 13:59:14.144913378 -0400 @@ -68,9 +68,13 @@ interface(`ddclient_admin',` type ddclient_var_run_t; ') @@ -1351,8 +1351,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpoli domain_system_change_exemption($1) role_transition $2 ddclient_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpolicy-3.10.0/policy/modules/services/denyhosts.if ---- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-10-14 09:46:28.694530926 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-10-14 09:46:29.151522170 -0400 +--- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-10-27 13:59:13.166914124 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-10-27 13:59:14.145913378 -0400 @@ -67,9 +67,13 @@ interface(`denyhosts_admin',` type denyhosts_var_log_t, denyhosts_initrc_exec_t; ') @@ -1369,8 +1369,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpol domain_system_change_exemption($1) role_transition $2 denyhosts_initrc_exec_t system_r; diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.if ---- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-10-14 09:46:28.696530888 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-10-14 09:46:29.151522170 -0400 +--- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-10-27 13:59:13.170914120 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-10-27 13:59:14.147913378 -0400 @@ -308,13 +308,18 @@ interface(`devicekit_admin',` type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t; ') @@ -1394,8 +1394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpol admin_pattern($1, devicekit_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.te ---- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-10-14 09:46:28.697530869 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-10-14 09:46:29.152522151 -0400 +--- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-10-27 13:59:13.173914117 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-10-27 13:59:14.149913376 -0400 @@ -65,7 +65,8 @@ optional_policy(` # DeviceKit disk local policy # @@ -1416,8 +1416,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpol allow devicekit_power_t self:fifo_file rw_fifo_file_perms; allow devicekit_power_t self:unix_dgram_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3.10.0/policy/modules/services/dhcp.if ---- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-10-14 09:46:28.698530850 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-10-14 09:46:29.153522132 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-10-27 13:59:13.176914114 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-10-27 13:59:14.150913375 -0400 @@ -105,8 +105,11 @@ interface(`dhcpd_admin',` type dhcpd_var_run_t, dhcpd_initrc_exec_t; ') @@ -1433,7 +1433,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-3.10.0/policy/modules/services/dictd.if --- serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-10-14 09:46:29.153522132 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-10-27 13:59:14.152913373 -0400 @@ -38,8 +38,11 @@ interface(`dictd_admin',` type dictd_var_run_t, dictd_initrc_exec_t; ') @@ -1448,9 +1448,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, dictd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolicy-3.10.0/policy/modules/services/dnsmasq.if ---- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-10-14 09:46:28.704530734 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-10-14 09:46:29.154522113 -0400 -@@ -281,8 +281,11 @@ interface(`dnsmasq_admin',` +--- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-10-27 13:59:13.191914103 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-10-27 13:59:14.154913371 -0400 +@@ -298,8 +298,11 @@ interface(`dnsmasq_admin',` type dnsmasq_initrc_exec_t; ') @@ -1464,8 +1464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolic init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolicy-3.10.0/policy/modules/services/dovecot.if ---- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-10-14 09:46:28.706530696 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-10-14 09:46:29.155522094 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-10-27 13:59:13.196914100 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-10-27 13:59:14.155913370 -0400 @@ -119,8 +119,11 @@ interface(`dovecot_admin',` type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t; ') @@ -1480,8 +1480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolic init_labeled_script_domtrans($1, dovecot_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/drbd.if ---- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-10-14 09:46:28.709530639 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-10-14 09:46:29.155522094 -0400 +--- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-10-27 13:59:13.200914098 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-10-27 13:59:14.157913368 -0400 @@ -120,8 +120,11 @@ interface(`drbd_admin',` type drbd_var_lib_t; ') @@ -1496,8 +1496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3 files_search_var_lib($1) admin_pattern($1, drbd_var_lib_t) diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-3.10.0/policy/modules/services/dspam.if ---- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-10-14 09:46:28.711530601 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-10-14 09:46:29.156522075 -0400 +--- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-10-27 13:59:13.203914095 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-10-27 13:59:14.159913366 -0400 @@ -244,8 +244,11 @@ interface(`dspam_admin',` type dspam_var_run_t; ') @@ -1512,8 +1512,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy- dspam_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3.10.0/policy/modules/services/exim.if ---- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-10-14 09:46:28.712530582 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-10-14 09:46:29.157522056 -0400 +--- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-10-27 13:59:13.208914090 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-10-27 13:59:14.161913365 -0400 @@ -260,8 +260,11 @@ interface(`exim_admin',` type exim_tmp_t, exim_spool_t, exim_var_run_t; ') @@ -1528,8 +1528,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3 exim_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpolicy-3.10.0/policy/modules/services/fail2ban.if ---- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-10-14 09:46:28.714530543 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-10-14 09:46:29.158522037 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-10-27 13:59:13.212914089 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-10-27 13:59:14.162913365 -0400 @@ -199,8 +199,11 @@ interface(`fail2ban_admin',` type fail2ban_client_t; ') @@ -1544,8 +1544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpoli init_labeled_script_domtrans($1, fail2ban_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolicy-3.10.0/policy/modules/services/fcoemon.if ---- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-10-14 09:46:28.716530504 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-10-14 09:46:29.158522037 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-10-27 13:59:13.215914086 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-10-27 13:59:14.164913365 -0400 @@ -81,8 +81,11 @@ interface(`fcoemon_admin',` type fcoemon_var_run_t; ') @@ -1560,8 +1560,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolic files_search_pids($1) admin_pattern($1, fcoemon_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/fetchmail.if ---- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-10-14 09:46:28.717530485 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-10-14 09:46:29.159522018 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-10-27 13:59:13.220914081 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-10-27 13:59:14.166913363 -0400 @@ -18,8 +18,11 @@ interface(`fetchmail_admin',` type fetchmail_var_run_t; ') @@ -1576,8 +1576,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpol files_list_etc($1) admin_pattern($1, fetchmail_etc_t) diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpolicy-3.10.0/policy/modules/services/firewalld.if ---- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-10-14 09:46:28.719530447 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-10-14 09:46:29.159522018 -0400 +--- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-10-27 13:59:13.224914078 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-10-27 13:59:14.167913362 -0400 @@ -62,8 +62,11 @@ interface(`firewalld_admin',` type firewalld_initrc_exec_t; ') @@ -1592,8 +1592,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpol firewalld_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolicy-3.10.0/policy/modules/services/fprintd.te ---- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-10-14 09:46:28.721530409 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-10-14 09:46:29.160521999 -0400 +--- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-10-27 13:59:13.228914077 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-10-27 13:59:14.169913360 -0400 @@ -17,7 +17,8 @@ files_type(fprintd_var_lib_t) # Local policy # @@ -1605,8 +1605,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolic allow fprintd_t self:process { getsched setsched signal }; diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ftp.if ---- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-10-14 09:46:28.722530390 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-10-14 09:46:29.161521980 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-10-27 13:59:13.231914074 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-10-27 13:59:14.171913358 -0400 @@ -237,8 +237,11 @@ interface(`ftp_admin',` type ftpd_initrc_exec_t; ') @@ -1621,8 +1621,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, ftpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.10.0/policy/modules/services/git.if ---- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-10-14 09:46:28.725530332 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-10-14 09:46:29.162521961 -0400 +--- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-10-27 13:59:13.237914068 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-10-27 13:59:14.173913356 -0400 @@ -42,8 +42,11 @@ interface(`git_session_role',` domtrans_pattern($2, gitd_exec_t, git_session_t) @@ -1637,8 +1637,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy-3.10.0/policy/modules/services/glance.if ---- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-10-14 09:46:28.727530293 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-10-14 09:46:29.163521941 -0400 +--- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-10-27 13:59:13.242914065 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-10-27 13:59:14.174913355 -0400 @@ -245,10 +245,14 @@ interface(`glance_admin',` type glance_api_initrc_exec_t; ') @@ -1657,8 +1657,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy init_labeled_script_domtrans($1, glance_registry_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpolicy-3.10.0/policy/modules/services/gnomeclock.te ---- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-10-14 09:46:28.729530255 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-10-14 09:46:29.163521941 -0400 +--- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-10-27 13:59:13.247914062 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-10-27 13:59:14.176913354 -0400 @@ -14,7 +14,7 @@ dbus_system_domain(gnomeclock_t, gnomecl # gnomeclock local policy # @@ -1669,8 +1669,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpo allow gnomeclock_t self:fifo_file rw_fifo_file_perms; allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/gpsd.te ---- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-10-14 09:46:28.731530217 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-10-14 09:46:29.164521921 -0400 +--- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-10-27 13:59:13.251914058 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-10-27 13:59:14.178913354 -0400 @@ -25,7 +25,7 @@ files_pid_file(gpsd_var_run_t) # @@ -1681,8 +1681,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3 allow gpsd_t self:shm create_shm_perms; allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto }; diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy-3.10.0/policy/modules/services/hadoop.if ---- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-10-14 09:46:29.040524294 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-14 09:46:29.165521902 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-10-27 13:59:13.917913552 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-27 13:59:14.180913352 -0400 @@ -222,14 +222,21 @@ interface(`hadoop_role',` hadoop_domtrans($2) role $1 types hadoop_t; @@ -1708,8 +1708,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.10.0/policy/modules/services/hal.if ---- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-10-14 09:46:28.735530141 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-10-14 09:46:29.166521883 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-10-27 13:59:13.257914054 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-10-27 13:59:14.181913351 -0400 @@ -70,7 +70,9 @@ interface(`hal_ptrace',` type hald_t; ') @@ -1722,8 +1722,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3. ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.10.0/policy/modules/services/hal.te ---- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-10-14 09:46:28.735530141 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-10-14 09:46:29.167521864 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-10-27 13:59:13.261914051 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-10-27 13:59:14.183913349 -0400 @@ -64,7 +64,7 @@ typealias hald_var_run_t alias pmtools_v # execute openvt which needs setuid @@ -1734,8 +1734,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3. allow hald_t self:fifo_file rw_fifo_file_perms; allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolicy-3.10.0/policy/modules/services/hddtemp.if ---- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-10-14 09:46:28.736530122 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-10-14 09:46:29.167521864 -0400 +--- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-10-27 13:59:13.262914050 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-10-27 13:59:14.185913347 -0400 @@ -60,8 +60,11 @@ interface(`hddtemp_admin',` type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t; ') @@ -1750,8 +1750,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolic init_labeled_script_domtrans($1, hddtemp_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolicy-3.10.0/policy/modules/services/icecast.if ---- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-10-14 09:46:28.737530102 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-10-14 09:46:29.168521845 -0400 +--- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-10-27 13:59:13.265914047 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-10-27 13:59:14.186913346 -0400 @@ -173,8 +173,11 @@ interface(`icecast_admin',` type icecast_t, icecast_initrc_exec_t; ') @@ -1766,8 +1766,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolic # Allow icecast_t to restart the apache service icecast_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.if ---- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-10-14 09:46:28.738530082 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-10-14 09:46:29.169521826 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-10-27 13:59:13.267914045 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-10-27 13:59:14.188913344 -0400 @@ -117,7 +117,7 @@ interface(`ifplugd_admin',` type ifplugd_initrc_exec_t; ') @@ -1778,8 +1778,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolic init_labeled_script_domtrans($1, ifplugd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.te ---- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-10-14 09:46:28.739530063 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-10-14 09:46:29.170521807 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-10-27 13:59:13.268914044 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-10-27 13:59:14.190913343 -0400 @@ -26,7 +26,7 @@ files_pid_file(ifplugd_var_run_t) # @@ -1790,8 +1790,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolic allow ifplugd_t self:fifo_file rw_fifo_file_perms; allow ifplugd_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.10.0/policy/modules/services/inn.if ---- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-10-14 09:46:28.741530025 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-10-14 09:46:29.170521807 -0400 +--- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-10-27 13:59:13.274914042 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-10-27 13:59:14.191913343 -0400 @@ -202,8 +202,11 @@ interface(`inn_admin',` type innd_initrc_exec_t; ') @@ -1806,8 +1806,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, innd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy-3.10.0/policy/modules/services/jabber.if ---- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-10-14 09:46:28.744529968 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-10-14 09:46:29.171521788 -0400 +--- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-10-27 13:59:13.279914037 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-10-27 13:59:14.193913343 -0400 @@ -143,10 +143,14 @@ interface(`jabber_admin',` type jabberd_initrc_exec_t, jabberd_router_t; ') @@ -1826,8 +1826,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy init_labeled_script_domtrans($1, jabberd_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerberos.if ---- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-10-14 09:46:28.746529930 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-10-14 09:46:29.172521769 -0400 +--- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-10-27 13:59:13.285914031 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-10-27 13:59:14.195913341 -0400 @@ -340,13 +340,18 @@ interface(`kerberos_admin',` type krb5kdc_var_run_t, krb5_host_rcache_t; ') @@ -1851,8 +1851,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpoli init_labeled_script_domtrans($1, kerberos_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerneloops.if ---- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-10-14 09:46:28.747529911 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-10-14 09:46:29.172521769 -0400 +--- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-10-27 13:59:13.288914030 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-10-27 13:59:14.196913340 -0400 @@ -101,8 +101,11 @@ interface(`kerneloops_admin',` type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t; ') @@ -1867,8 +1867,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpo init_labeled_script_domtrans($1, kerneloops_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.if ---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-10-14 09:46:28.750529852 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-10-14 09:46:29.173521750 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-10-27 13:59:13.294914026 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-10-27 13:59:14.198913338 -0400 @@ -58,8 +58,11 @@ interface(`ksmtuned_admin',` type ksmtuned_t, ksmtuned_var_run_t, ksmtuned_initrc_exec_t; ') @@ -1883,8 +1883,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpoli files_list_pids($1) admin_pattern($1, ksmtuned_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.te ---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-10-14 09:46:28.751529833 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-10-14 09:46:29.174521731 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-10-27 13:59:13.295914025 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-10-27 13:59:14.200913336 -0400 @@ -23,7 +23,7 @@ files_pid_file(ksmtuned_var_run_t) # ksmtuned local policy # @@ -1895,8 +1895,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpoli manage_dirs_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/l2tpd.if ---- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-10-14 09:46:28.752529814 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-10-14 09:46:29.174521731 -0400 +--- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-10-27 13:59:13.299914021 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-10-27 13:59:14.201913335 -0400 @@ -101,8 +101,11 @@ interface(`l2tpd_admin',` type l2tpd_var_run_t; ') @@ -1911,8 +1911,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy- l2tpd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3.10.0/policy/modules/services/ldap.if ---- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-10-14 09:46:28.754529776 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-10-14 09:46:29.175521712 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-10-27 13:59:13.302914019 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-10-27 13:59:14.203913333 -0400 @@ -174,8 +174,11 @@ interface(`ldap_admin',` type slapd_initrc_exec_t; ') @@ -1928,7 +1928,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3 domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lircd.if --- serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-10-14 09:46:29.176521693 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-10-27 13:59:14.210913330 -0400 @@ -80,8 +80,11 @@ interface(`lircd_admin',` type lircd_initrc_exec_t, lircd_etc_t; ') @@ -1943,8 +1943,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, lircd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy-3.10.0/policy/modules/services/lldpad.if ---- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-10-14 09:46:28.759529681 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-10-14 09:46:29.176521693 -0400 +--- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-10-27 13:59:13.312914011 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-10-27 13:59:14.211913329 -0400 @@ -180,8 +180,11 @@ interface(`lldpad_admin',` type lldpad_var_run_t; ') @@ -1959,8 +1959,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy lldpad_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lpd.if ---- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-10-14 09:46:28.760529661 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-10-14 09:46:29.178521654 -0400 +--- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-10-27 13:59:13.315914008 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-10-27 13:59:14.213913327 -0400 @@ -28,7 +28,10 @@ interface(`lpd_role',` dontaudit lpr_t $2:unix_stream_socket { read write }; @@ -1974,8 +1974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3. optional_policy(` cups_read_config($2) diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefpolicy-3.10.0/policy/modules/services/mailscanner.if ---- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-10-14 09:46:28.763529603 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-10-14 09:46:29.178521654 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-10-27 13:59:13.323914004 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-10-27 13:59:14.215913325 -0400 @@ -47,8 +47,11 @@ interface(`mailscanner_admin',` role_transition $2 mscan_initrc_exec_t system_r; allow $2 system_r; @@ -1990,8 +1990,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefp admin_pattern($1, mscan_etc_t) files_list_etc($1) diff -up serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.if ---- serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace 2011-10-14 09:46:28.765529565 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/matahari.if 2011-10-14 09:46:29.179521635 -0400 +--- serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace 2011-10-27 13:59:13.328913999 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/matahari.if 2011-10-27 13:59:14.216913324 -0400 @@ -229,13 +229,18 @@ interface(`matahari_admin',` role_transition $2 matahari_initrc_exec_t system_r; allow $2 system_r; @@ -2015,8 +2015,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace serefpoli files_search_var_lib($1) diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.te ---- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-10-14 09:46:28.765529565 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-10-14 09:46:29.180521616 -0400 +--- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-10-27 13:59:13.329913998 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-10-27 13:59:14.218913322 -0400 @@ -24,9 +24,6 @@ files_pid_file(matahari_var_run_t) # # matahari_hostd local policy @@ -2028,8 +2028,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpoli dev_read_sysfs(matahari_hostd_t) diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpolicy-3.10.0/policy/modules/services/memcached.if ---- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-10-14 09:46:28.767529527 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-10-14 09:46:29.180521616 -0400 +--- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-10-27 13:59:13.331913997 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-10-27 13:59:14.220913320 -0400 @@ -59,8 +59,11 @@ interface(`memcached_admin',` type memcached_t, memcached_initrc_exec_t, memcached_var_run_t; ') @@ -2044,8 +2044,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpol init_labeled_script_domtrans($1, memcached_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3.10.0/policy/modules/services/mock.if ---- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-10-14 09:46:28.770529470 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-10-14 09:46:29.181521597 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-10-27 13:59:13.339913990 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-10-27 13:59:14.222913319 -0400 @@ -245,7 +245,10 @@ interface(`mock_role',` mock_run($2, $1) @@ -2076,8 +2076,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3 files_list_var_lib($1) diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3.10.0/policy/modules/services/mock.te ---- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-10-14 09:46:28.771529451 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-10-14 09:46:29.182521578 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-10-27 13:59:13.340913989 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-10-27 13:59:14.224913319 -0400 @@ -41,7 +41,7 @@ files_config_file(mock_etc_t) # mock local policy # @@ -2097,8 +2097,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3 allow mock_build_t self:process { fork setsched setpgid signal_perms }; allow mock_build_t self:netlink_audit_socket { create_socket_perms nlmsg_relay }; diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpolicy-3.10.0/policy/modules/services/mojomojo.if ---- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-10-14 09:46:28.772529431 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-10-14 09:46:29.182521578 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-10-27 13:59:13.344913989 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-10-27 13:59:14.225913318 -0400 @@ -24,8 +24,11 @@ interface(`mojomojo_admin',` type httpd_mojomojo_script_exec_t; ') @@ -2114,7 +2114,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpoli admin_pattern($1, httpd_mojomojo_tmp_t) diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/mpd.if --- serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-10-14 09:46:29.183521559 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-10-27 13:59:14.227913316 -0400 @@ -244,8 +244,11 @@ interface(`mpd_admin',` type mpd_tmpfs_t; ') @@ -2129,8 +2129,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3. mpd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-3.10.0/policy/modules/services/munin.if ---- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-10-14 09:46:28.779529297 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-10-14 09:46:29.184521540 -0400 +--- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-10-27 13:59:13.360913976 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-10-27 13:59:14.229913314 -0400 @@ -183,8 +183,11 @@ interface(`munin_admin',` type httpd_munin_content_t, munin_initrc_exec_t; ') @@ -2145,8 +2145,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy- init_labeled_script_domtrans($1, munin_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.if ---- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-10-14 09:46:28.780529278 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-10-14 09:46:29.185521521 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-10-27 13:59:13.364913973 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-10-27 13:59:14.230913313 -0400 @@ -389,8 +389,11 @@ interface(`mysql_admin',` type mysqld_etc_t; ') @@ -2161,8 +2161,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy- init_labeled_script_domtrans($1, mysqld_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.te ---- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-10-14 09:46:28.781529259 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-10-14 09:46:29.186521502 -0400 +--- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-10-27 13:59:13.365913972 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-10-27 13:59:14.232913311 -0400 @@ -158,7 +158,6 @@ optional_policy(` # @@ -2172,8 +2172,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy- allow mysqld_safe_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy-3.10.0/policy/modules/services/nagios.if ---- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-10-14 09:46:28.782529240 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-10-14 09:46:29.186521502 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-10-27 13:59:13.368913969 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-10-27 13:59:14.234913309 -0400 @@ -225,8 +225,11 @@ interface(`nagios_admin',` type nagios_etc_t, nrpe_etc_t, nagios_spool_t; ') @@ -2188,8 +2188,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy init_labeled_script_domtrans($1, nagios_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/networkmanager.te ---- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-10-14 09:46:28.786529162 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-10-14 09:46:29.187521483 -0400 +--- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-10-27 13:59:13.377913962 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-10-27 13:59:14.236913308 -0400 @@ -44,13 +44,17 @@ init_system_domain(wpa_cli_t, wpa_cli_ex # networkmanager will ptrace itself if gdb is installed @@ -2212,8 +2212,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace ser allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms }; allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.10.0/policy/modules/services/nis.if ---- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-10-14 09:46:28.787529143 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-10-14 09:46:29.188521464 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-10-27 13:59:13.380913959 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-10-27 13:59:14.239913308 -0400 @@ -390,16 +390,22 @@ interface(`nis_admin',` type ypbind_initrc_exec_t, nis_initrc_exec_t, ypxfr_t; ') @@ -2242,8 +2242,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3. nis_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.if ---- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-10-14 09:46:28.788529124 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-10-14 09:46:29.189521445 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-10-27 13:59:13.386913957 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-10-27 13:59:14.241913306 -0400 @@ -321,8 +321,11 @@ interface(`nscd_admin',` type nscd_initrc_exec_t; ') @@ -2258,8 +2258,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, nscd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.te ---- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-10-14 09:46:28.789529105 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-10-14 09:46:29.190521426 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-10-27 13:59:13.388913955 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-10-27 13:59:14.242913305 -0400 @@ -40,7 +40,7 @@ logging_log_file(nscd_log_t) # Local policy # @@ -2270,8 +2270,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3 allow nscd_t self:process { getattr getcap setcap setsched signal_perms }; allow nscd_t self:fifo_file read_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nslcd.if ---- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-10-14 09:46:28.790529086 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-10-14 09:46:29.190521426 -0400 +--- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-10-27 13:59:13.389913954 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-10-27 13:59:14.244913303 -0400 @@ -98,7 +98,10 @@ interface(`nslcd_admin',` ') @@ -2285,8 +2285,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy- # Allow nslcd_t to restart the apache service nslcd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ntp.if ---- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-10-14 09:46:28.792529048 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-10-14 09:46:29.191521406 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-10-27 13:59:13.396913947 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-10-27 13:59:14.246913301 -0400 @@ -204,8 +204,11 @@ interface(`ntp_admin',` type ntpd_key_t, ntpd_var_run_t, ntpd_initrc_exec_t; ') @@ -2301,8 +2301,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, ntpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy-3.10.0/policy/modules/services/oident.if ---- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-10-14 09:46:28.797528951 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-10-14 09:46:29.192521387 -0400 +--- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-10-27 13:59:13.409913938 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-10-27 13:59:14.247913300 -0400 @@ -89,8 +89,11 @@ interface(`oident_admin',` type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t; ') @@ -2318,7 +2318,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolicy-3.10.0/policy/modules/services/openvpn.if --- serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-10-14 09:46:29.192521387 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-10-27 13:59:14.250913297 -0400 @@ -144,8 +144,11 @@ interface(`openvpn_admin',` type openvpn_var_run_t, openvpn_initrc_exec_t; ') @@ -2333,8 +2333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolic init_labeled_script_domtrans($1, openvpn_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3.10.0/policy/modules/services/pads.if ---- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-10-14 09:46:28.801528875 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-10-14 09:46:29.193521367 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-10-27 13:59:13.417913932 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-10-27 13:59:14.254913295 -0400 @@ -31,8 +31,11 @@ interface(`pads_admin',` type pads_var_run_t; ') @@ -2349,8 +2349,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, pads_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-3.10.0/policy/modules/services/pingd.if ---- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-10-14 09:46:28.805528799 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-10-14 09:46:29.194521347 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-10-27 13:59:13.426913925 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-10-27 13:59:14.255913295 -0400 @@ -80,8 +80,11 @@ interface(`pingd_admin',` type pingd_initrc_exec_t; ') @@ -2365,8 +2365,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, pingd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolicy-3.10.0/policy/modules/services/piranha.te ---- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-10-14 09:46:28.807528760 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-10-14 09:46:29.195521328 -0400 +--- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-10-27 13:59:13.431913920 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-10-27 13:59:14.257913294 -0400 @@ -65,7 +65,11 @@ init_domtrans_script(piranha_fos_t) # @@ -2381,8 +2381,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolic allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms; allow piranha_web_t self:sem create_sem_perms; diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpolicy-3.10.0/policy/modules/services/plymouthd.if ---- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-10-14 09:46:28.808528740 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-10-14 09:46:29.196521310 -0400 +--- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-10-27 13:59:13.434913919 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-10-27 13:59:14.259913292 -0400 @@ -291,8 +291,11 @@ interface(`plymouthd_admin',` type plymouthd_var_run_t; ') @@ -2397,8 +2397,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpol files_list_var_lib($1) admin_pattern($1, plymouthd_spool_t) diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpolicy-3.10.0/policy/modules/services/policykit.te ---- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-10-14 09:46:28.811528683 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-10-14 09:46:29.197521291 -0400 +--- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-10-27 13:59:13.444913911 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-10-27 13:59:14.260913291 -0400 @@ -38,7 +38,7 @@ files_pid_file(policykit_var_run_t) # policykit local policy # @@ -2408,7 +2408,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpol allow policykit_t self:process { getsched getattr signal }; allow policykit_t self:fifo_file rw_fifo_file_perms; allow policykit_t self:unix_dgram_socket create_socket_perms; -@@ -233,7 +233,7 @@ optional_policy(` +@@ -235,7 +235,7 @@ optional_policy(` # polkit_resolve local policy # @@ -2418,8 +2418,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpol allow policykit_resolve_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy-3.10.0/policy/modules/services/polipo.if ---- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-10-14 09:46:28.812528664 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-10-14 09:46:29.197521291 -0400 +--- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-10-27 13:59:13.447913908 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-10-27 13:59:14.262913289 -0400 @@ -32,8 +32,11 @@ template(`polipo_role',` # Policy # @@ -2448,7 +2448,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefpolicy-3.10.0/policy/modules/services/portreserve.if --- serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-10-14 09:46:29.198521272 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-10-27 13:59:14.264913287 -0400 @@ -104,8 +104,11 @@ interface(`portreserve_admin',` type portreserve_initrc_exec_t; ') @@ -2463,8 +2463,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefp portreserve_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfix.if ---- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-10-14 09:46:28.817528569 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-10-14 09:46:29.199521253 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-10-27 13:59:13.457913902 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-10-27 13:59:14.266913285 -0400 @@ -729,25 +729,36 @@ interface(`postfix_admin',` type postfix_smtpd_t, postfix_var_run_t; ') @@ -2510,8 +2510,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolic postfix_run_map($1, $2) diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if ---- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-10-14 09:46:28.818528550 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-10-14 09:46:29.200521234 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-10-27 13:59:13.462913897 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-10-27 13:59:14.268913284 -0400 @@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',` type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t; ') @@ -2526,8 +2526,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace ser init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgresql.if ---- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-10-14 09:46:28.820528510 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-10-14 09:46:29.200521234 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-10-27 13:59:13.466913895 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-10-27 13:59:14.270913284 -0400 @@ -541,8 +541,11 @@ interface(`postgresql_admin',` typeattribute $1 sepgsql_admin_type; @@ -2542,8 +2542,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpo init_labeled_script_domtrans($1, postgresql_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgrey.if ---- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-10-14 09:46:28.823528453 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-10-14 09:46:29.202521196 -0400 +--- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-10-27 13:59:13.469913892 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-10-27 13:59:14.271913283 -0400 @@ -62,8 +62,11 @@ interface(`postgrey_admin',` type postgrey_var_lib_t, postgrey_var_run_t; ') @@ -2558,8 +2558,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpoli init_labeled_script_domtrans($1, postgrey_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ppp.if ---- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-10-14 09:46:28.825528415 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-10-14 09:46:29.202521196 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-10-27 13:59:13.473913888 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-10-27 13:59:14.273913281 -0400 @@ -386,10 +386,14 @@ interface(`ppp_admin',` type pppd_initrc_exec_t, pppd_etc_rw_t; ') @@ -2578,8 +2578,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3. ppp_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolicy-3.10.0/policy/modules/services/prelude.if ---- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-10-14 09:46:28.826528396 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-10-14 09:46:29.203521177 -0400 +--- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-10-27 13:59:13.476913887 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-10-27 13:59:14.275913279 -0400 @@ -118,13 +118,18 @@ interface(`prelude_admin',` type prelude_lml_t; ') @@ -2604,7 +2604,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolic init_labeled_script_domtrans($1, prelude_initrc_exec_t) diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolicy-3.10.0/policy/modules/services/privoxy.if --- serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-10-14 09:46:29.204521158 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-10-27 13:59:14.276913278 -0400 @@ -23,8 +23,11 @@ interface(`privoxy_admin',` type privoxy_etc_rw_t, privoxy_var_run_t; ') @@ -2619,8 +2619,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolic init_labeled_script_domtrans($1, privoxy_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3.10.0/policy/modules/services/psad.if ---- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-10-14 09:46:28.830528320 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-10-14 09:46:29.204521158 -0400 +--- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-10-27 13:59:13.486913879 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-10-27 13:59:14.278913276 -0400 @@ -295,8 +295,11 @@ interface(`psad_admin',` type psad_tmp_t; ') @@ -2635,8 +2635,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, psad_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy-3.10.0/policy/modules/services/puppet.te ---- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-10-14 09:46:28.833528261 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-10-14 09:46:29.205521138 -0400 +--- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-10-27 13:59:13.498913869 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-10-27 13:59:14.280913274 -0400 @@ -62,7 +62,7 @@ files_tmp_file(puppetmaster_tmp_t) # Puppet personal policy # @@ -2647,8 +2647,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy allow puppet_t self:fifo_file rw_fifo_file_perms; allow puppet_t self:netlink_route_socket create_netlink_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-3.10.0/policy/modules/services/pyzor.if ---- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-10-14 09:46:28.834528242 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-10-14 09:46:29.206521119 -0400 +--- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-10-27 13:59:13.502913868 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-10-27 13:59:14.281913273 -0400 @@ -29,7 +29,10 @@ interface(`pyzor_role',` # allow ps to show pyzor and allow the user to kill it @@ -2675,8 +2675,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy- init_labeled_script_domtrans($1, pyzord_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3.10.0/policy/modules/services/qpid.if ---- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-10-14 09:46:28.839528147 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-10-14 09:46:29.207521099 -0400 +--- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-10-27 13:59:13.518913855 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-10-27 13:59:14.283913273 -0400 @@ -177,8 +177,11 @@ interface(`qpidd_admin',` type qpidd_t, qpidd_initrc_exec_t; ') @@ -2692,7 +2692,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3 qpidd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy-3.10.0/policy/modules/services/radius.if --- serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-10-14 09:46:29.207521099 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-10-27 13:59:14.285913273 -0400 @@ -38,8 +38,11 @@ interface(`radius_admin',` type radiusd_initrc_exec_t; ') @@ -2707,8 +2707,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy init_labeled_script_domtrans($1, radiusd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-3.10.0/policy/modules/services/radvd.if ---- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-10-14 09:46:28.840528128 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-10-14 09:46:29.208521079 -0400 +--- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-10-27 13:59:13.532913845 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-10-27 13:59:14.286913272 -0400 @@ -23,8 +23,11 @@ interface(`radvd_admin',` type radvd_var_run_t; ') @@ -2723,8 +2723,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy- init_labeled_script_domtrans($1, radvd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-3.10.0/policy/modules/services/razor.if ---- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-10-14 09:46:28.842528089 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-10-14 09:46:29.209521060 -0400 +--- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-10-27 13:59:13.535913842 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-10-27 13:59:14.288913270 -0400 @@ -132,7 +132,10 @@ interface(`razor_role',` # allow ps to show razor and allow the user to kill it @@ -2738,8 +2738,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy- manage_dirs_pattern($2, razor_home_t, razor_home_t) manage_files_pattern($2, razor_home_t, razor_home_t) diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.if ---- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-10-14 09:46:28.845528031 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-10-14 09:46:29.210521041 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-10-27 13:59:13.541913836 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-10-27 13:59:14.290913268 -0400 @@ -117,8 +117,11 @@ interface(`rgmanager_admin',` type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t; ') @@ -2754,8 +2754,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpol init_labeled_script_domtrans($1, rgmanager_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.te ---- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-10-14 09:46:28.847527993 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-10-14 09:46:29.211521022 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-10-27 13:59:13.543913836 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-10-27 13:59:14.291913267 -0400 @@ -37,7 +37,6 @@ files_pid_file(rgmanager_var_run_t) # @@ -2765,8 +2765,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpol dontaudit rgmanager_t self:process ptrace; diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if ---- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-10-14 09:46:28.852527898 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-10-14 09:46:29.212521003 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-10-27 13:59:13.556913825 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-10-27 13:59:14.293913265 -0400 @@ -284,8 +284,11 @@ interface(`rhsmcertd_admin',` type rhsmcertd_var_run_t; ') @@ -2781,8 +2781,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpol rhsmcertd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-3.10.0/policy/modules/services/ricci.if ---- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-10-14 09:46:28.854527859 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-10-14 09:46:29.213520984 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-10-27 13:59:13.560913823 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-10-27 13:59:14.295913263 -0400 @@ -245,8 +245,11 @@ interface(`ricci_admin',` type ricci_var_lib_t, ricci_var_log_t, ricci_var_run_t; ') @@ -2798,7 +2798,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolicy-3.10.0/policy/modules/services/roundup.if --- serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-10-14 09:46:29.213520984 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-10-27 13:59:14.296913262 -0400 @@ -23,8 +23,11 @@ interface(`roundup_admin',` type roundup_initrc_exec_t; ') @@ -2813,8 +2813,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolic init_labeled_script_domtrans($1, roundup_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolicy-3.10.0/policy/modules/services/rpcbind.if ---- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-10-14 09:46:28.860527744 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-10-14 09:46:29.214520965 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-10-27 13:59:13.573913814 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-10-27 13:59:14.298913260 -0400 @@ -155,8 +155,11 @@ interface(`rpcbind_admin',` type rpcbind_initrc_exec_t; ') @@ -2829,8 +2829,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolic init_labeled_script_domtrans($1, rpcbind_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-3.10.0/policy/modules/services/rtkit.te ---- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-10-14 09:46:28.864527668 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-10-14 09:46:29.215520946 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-10-27 13:59:13.583913806 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-10-27 13:59:14.299913260 -0400 @@ -15,7 +15,7 @@ init_system_domain(rtkit_daemon_t, rtkit # rtkit_daemon local policy # @@ -2841,8 +2841,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy- kernel_read_system_state(rtkit_daemon_t) diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3.10.0/policy/modules/services/rwho.if ---- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-10-14 09:46:28.864527668 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-10-14 09:46:29.216520927 -0400 +--- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-10-27 13:59:13.584913805 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-10-27 13:59:14.301913260 -0400 @@ -138,8 +138,11 @@ interface(`rwho_admin',` type rwho_initrc_exec_t; ') @@ -2857,8 +2857,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, rwho_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-3.10.0/policy/modules/services/samba.if ---- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-10-14 09:46:28.866527629 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-10-14 09:46:29.216520927 -0400 +--- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-10-27 13:59:13.587913802 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-10-27 13:59:14.303913259 -0400 @@ -784,13 +784,18 @@ interface(`samba_admin',` type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t; ') @@ -2883,7 +2883,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy- samba_run_smbcontrol($1, $2, $3) diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolicy-3.10.0/policy/modules/services/samhain.if --- serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-10-14 09:46:29.218520889 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-10-27 13:59:14.306913256 -0400 @@ -271,10 +271,14 @@ interface(`samhain_admin',` type samhain_initrc_exec_t, samhain_log_t, samhain_var_run_t; ') @@ -2902,8 +2902,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolic files_list_var_lib($1) diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolicy-3.10.0/policy/modules/services/sanlock.if ---- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-10-14 09:46:28.870527552 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-10-14 09:46:29.218520889 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-10-27 13:59:13.590913799 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-10-27 13:59:14.307913255 -0400 @@ -99,8 +99,11 @@ interface(`sanlock_admin',` type sanlock_initrc_exec_t; ') @@ -2918,8 +2918,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolic sanlock_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3.10.0/policy/modules/services/sasl.if ---- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-10-14 09:46:28.871527533 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-10-14 09:46:29.219520870 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-10-27 13:59:13.592913798 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-10-27 13:59:14.309913253 -0400 @@ -42,8 +42,11 @@ interface(`sasl_admin',` type saslauthd_initrc_exec_t; ') @@ -2934,8 +2934,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, saslauthd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.if ---- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-10-14 09:46:28.873527495 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-10-14 09:46:29.220520851 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-10-27 13:59:13.596913797 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-10-27 13:59:14.311913251 -0400 @@ -65,11 +65,15 @@ interface(`sblim_admin',` type sblim_var_run_t; ') @@ -2956,8 +2956,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy- files_search_pids($1) admin_pattern($1, sblim_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.te ---- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-10-14 09:46:28.873527495 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-10-14 09:46:29.221520832 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-10-27 13:59:13.597913796 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-10-27 13:59:14.313913249 -0400 @@ -24,7 +24,7 @@ files_pid_file(sblim_var_run_t) # @@ -2968,8 +2968,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy- allow sblim_gatherd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/sendmail.if ---- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-10-14 09:46:28.874527476 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-10-14 09:46:29.221520832 -0400 +--- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-10-27 13:59:13.600913793 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-10-27 13:59:14.314913249 -0400 @@ -334,10 +334,14 @@ interface(`sendmail_admin',` type mail_spool_t; ') @@ -2988,8 +2988,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpoli sendmail_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if ---- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-10-14 09:46:28.875527457 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-10-14 09:46:29.222520812 -0400 +--- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-10-27 13:59:13.602913791 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-10-27 13:59:14.316913248 -0400 @@ -140,8 +140,11 @@ interface(`setroubleshoot_admin',` type setroubleshoot_var_lib_t; ') @@ -3004,8 +3004,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace ser logging_list_logs($1) admin_pattern($1, setroubleshoot_var_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpolicy-3.10.0/policy/modules/services/smartmon.if ---- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-10-14 09:46:28.877527419 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-10-14 09:46:29.223520792 -0400 +--- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-10-27 13:59:13.606913787 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-10-27 13:59:14.318913246 -0400 @@ -42,8 +42,11 @@ interface(`smartmon_admin',` type fsdaemon_initrc_exec_t; ') @@ -3021,7 +3021,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpoli domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpolicy-3.10.0/policy/modules/services/smokeping.if --- serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-10-14 09:46:29.224520773 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-10-27 13:59:14.320913244 -0400 @@ -153,8 +153,11 @@ interface(`smokeping_admin',` type smokeping_t, smokeping_initrc_exec_t; ') @@ -3036,8 +3036,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpol smokeping_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.if ---- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-10-14 09:46:28.880527360 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-10-14 09:46:29.225520754 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-10-27 13:59:13.612913783 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-10-27 13:59:14.322913242 -0400 @@ -168,8 +168,11 @@ interface(`snmp_admin',` type snmpd_var_lib_t, snmpd_var_run_t; ') @@ -3052,8 +3052,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3 init_labeled_script_domtrans($1, snmpd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.te ---- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-10-14 09:46:28.880527360 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-10-14 09:46:29.225520754 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-10-27 13:59:13.613913782 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-10-27 13:59:14.323913241 -0400 @@ -26,7 +26,8 @@ files_type(snmpd_var_lib_t) # Local policy # @@ -3065,8 +3065,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3 allow snmpd_t self:process { signal_perms getsched setsched }; allow snmpd_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-3.10.0/policy/modules/services/snort.if ---- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-10-14 09:46:28.881527341 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-10-14 09:46:29.226520735 -0400 +--- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-10-27 13:59:13.615913780 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-10-27 13:59:14.325913241 -0400 @@ -41,8 +41,11 @@ interface(`snort_admin',` type snort_etc_t, snort_initrc_exec_t; ') @@ -3081,8 +3081,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy- init_labeled_script_domtrans($1, snort_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefpolicy-3.10.0/policy/modules/services/soundserver.if ---- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-10-14 09:46:28.882527322 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-10-14 09:46:29.227520716 -0400 +--- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-10-27 13:59:13.617913779 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-10-27 13:59:14.327913241 -0400 @@ -37,8 +37,11 @@ interface(`soundserver_admin',` type soundd_tmp_t, soundd_var_run_t; ') @@ -3097,8 +3097,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefp init_labeled_script_domtrans($1, soundd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace serefpolicy-3.10.0/policy/modules/services/spamassassin.if ---- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-10-14 09:46:28.883527303 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-10-14 09:46:29.228520697 -0400 +--- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-10-27 13:59:13.620913779 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-10-27 13:59:14.328913240 -0400 @@ -27,12 +27,12 @@ interface(`spamassassin_role',` domtrans_pattern($2, spamassassin_exec_t, spamassassin_t) @@ -3128,8 +3128,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace seref init_labeled_script_domtrans($1, spamd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-3.10.0/policy/modules/services/squid.if ---- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-10-14 09:46:28.885527265 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-10-14 09:46:29.228520697 -0400 +--- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-10-27 13:59:13.625913774 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-10-27 13:59:14.330913238 -0400 @@ -209,8 +209,11 @@ interface(`squid_admin',` type squid_log_t, squid_var_run_t, squid_initrc_exec_t; ') @@ -3144,8 +3144,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy- init_labeled_script_domtrans($1, squid_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.10.0/policy/modules/services/ssh.if ---- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-10-14 09:46:29.066523798 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-14 09:46:29.229520678 -0400 +--- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-10-27 13:59:13.963913517 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-27 13:59:14.332913236 -0400 @@ -367,7 +367,7 @@ template(`ssh_role_template',` # allow ps to show ssh @@ -3165,9 +3165,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3. # allow ps to show ssh ps_process_pattern($3, $1_ssh_agent_t) diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3.10.0/policy/modules/services/sssd.if ---- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-10-14 09:46:28.890527168 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-10-14 09:46:29.230520659 -0400 -@@ -232,8 +232,11 @@ interface(`sssd_admin',` +--- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-10-27 13:59:13.634913766 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-10-27 13:59:14.334913234 -0400 +@@ -234,8 +234,11 @@ interface(`sssd_admin',` type sssd_t, sssd_public_t, sssd_initrc_exec_t; ') @@ -3181,8 +3181,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3 # Allow sssd_t to restart the apache service sssd_initrc_domtrans($1) diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/tcsd.if ---- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-10-14 09:46:28.895527073 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-10-14 09:46:29.231520640 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-10-27 13:59:13.643913760 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-10-27 13:59:14.336913232 -0400 @@ -137,8 +137,11 @@ interface(`tcsd_admin',` type tcsd_var_lib_t; ') @@ -3197,8 +3197,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3 tcsd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/tftp.if ---- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-10-14 09:46:28.897527035 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-10-14 09:46:29.231520640 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-10-27 13:59:13.648913755 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-10-27 13:59:14.338913230 -0400 @@ -109,8 +109,11 @@ interface(`tftp_admin',` type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t; ') @@ -3213,8 +3213,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3 files_list_var_lib($1) admin_pattern($1, tftpdir_rw_t) diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.10.0/policy/modules/services/tor.if ---- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-10-14 09:46:28.899526997 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-10-14 09:46:29.232520621 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-10-27 13:59:13.653913753 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-10-27 13:59:14.339913230 -0400 @@ -42,8 +42,11 @@ interface(`tor_admin',` type tor_initrc_exec_t; ') @@ -3229,8 +3229,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3. init_labeled_script_domtrans($1, tor_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/tuned.if ---- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-10-14 09:46:28.900526978 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-10-14 09:46:29.233520602 -0400 +--- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-10-27 13:59:13.656913750 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-10-27 13:59:14.341913229 -0400 @@ -115,8 +115,11 @@ interface(`tuned_admin',` type tuned_t, tuned_var_run_t, tuned_initrc_exec_t; ') @@ -3246,7 +3246,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ulogd.if --- serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-10-14 09:46:29.234520583 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-10-27 13:59:14.343913227 -0400 @@ -123,8 +123,11 @@ interface(`ulogd_admin',` type ulogd_var_log_t, ulogd_initrc_exec_t; ') @@ -3262,7 +3262,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3.10.0/policy/modules/services/uucp.if --- serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-10-14 09:46:29.234520583 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-10-27 13:59:14.344913226 -0400 @@ -99,8 +99,11 @@ interface(`uucp_admin',` type uucpd_var_run_t; ') @@ -3277,8 +3277,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3 logging_list_logs($1) admin_pattern($1, uucpd_log_t) diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-3.10.0/policy/modules/services/uuidd.if ---- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-10-14 09:46:28.906526862 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-10-14 09:46:29.235520564 -0400 +--- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-10-27 13:59:13.669913741 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-10-27 13:59:14.346913224 -0400 @@ -177,8 +177,11 @@ interface(`uuidd_admin',` type uuidd_var_run_t; ') @@ -3294,7 +3294,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy- domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpolicy-3.10.0/policy/modules/services/varnishd.if --- serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace 2011-06-27 14:18:04.000000000 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-10-14 09:46:29.236520544 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-10-27 13:59:14.347913223 -0400 @@ -155,8 +155,11 @@ interface(`varnishd_admin_varnishlog',` type varnishlog_var_run_t; ') @@ -3322,8 +3322,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpoli init_labeled_script_domtrans($1, varnishd_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolicy-3.10.0/policy/modules/services/vdagent.if ---- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-10-14 09:46:28.908526824 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-10-14 09:46:29.236520544 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-10-27 13:59:13.674913736 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-10-27 13:59:14.349913222 -0400 @@ -118,8 +118,11 @@ interface(`vdagent_admin',` type vdagent_var_run_t; ') @@ -3338,8 +3338,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolic files_search_pids($1) admin_pattern($1, vdagent_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vhostmd.if ---- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-10-14 09:46:28.909526805 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-10-14 09:46:29.237520524 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-10-27 13:59:13.676913734 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-10-27 13:59:14.350913222 -0400 @@ -210,8 +210,11 @@ interface(`vhostmd_admin',` type vhostmd_t, vhostmd_initrc_exec_t; ') @@ -3354,8 +3354,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolic vhostmd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3.10.0/policy/modules/services/virt.if ---- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-10-14 09:46:28.911526767 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-14 09:46:29.238520505 -0400 +--- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-10-27 13:59:13.682913731 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-27 13:59:14.352913222 -0400 @@ -618,10 +618,14 @@ interface(`virt_admin',` type virt_lxc_t; ') @@ -3383,9 +3383,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3 ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3.10.0/policy/modules/services/virt.te ---- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-10-14 09:46:29.010524870 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-14 09:46:29.239520486 -0400 -@@ -247,7 +247,7 @@ optional_policy(` +--- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-10-27 13:59:13.870913588 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-27 14:00:38.019849097 -0400 +@@ -254,7 +254,7 @@ optional_policy(` # virtd local policy # @@ -3394,17 +3394,17 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3 allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched }; ifdef(`hide_broken_symptoms',` # caused by some bogus kernel code -@@ -838,7 +838,6 @@ optional_policy(` +@@ -845,7 +845,6 @@ optional_policy(` # virt_lxc_domain local policy # - allow svirt_lxc_domain self:capability { setuid setgid dac_override }; + allow svirt_lxc_domain self:capability { kill setuid setgid dac_override }; -dontaudit svirt_lxc_domain self:capability sys_ptrace; allow virtd_t svirt_lxc_domain:process { signal_perms }; allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill }; diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vnstatd.if ---- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-10-14 09:46:28.915526689 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-10-14 09:46:29.240520467 -0400 +--- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-10-27 13:59:13.687913727 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-10-27 13:59:14.357913217 -0400 @@ -136,8 +136,11 @@ interface(`vnstatd_admin',` type vnstatd_t, vnstatd_var_lib_t; ') @@ -3419,8 +3419,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolic files_list_var_lib($1) admin_pattern($1, vnstatd_var_lib_t) diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/wdmd.if ---- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-10-14 09:46:28.917526651 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-10-14 09:46:29.241520448 -0400 +--- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-10-27 13:59:13.692913722 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-10-27 13:59:14.359913215 -0400 @@ -62,8 +62,11 @@ interface(`wdmd_admin',` type wdmd_initrc_exec_t; ') @@ -3435,8 +3435,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3 wdmd_initrc_domtrans($1) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolicy-3.10.0/policy/modules/services/xserver.te ---- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-10-14 09:46:29.069523739 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-14 09:46:29.242520429 -0400 +--- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-10-27 13:59:13.970913510 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-27 13:59:14.362913212 -0400 @@ -417,8 +417,13 @@ optional_policy(` # XDM Local policy # @@ -3453,7 +3453,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolic allow xdm_t self:fifo_file rw_fifo_file_perms; allow xdm_t self:shm create_shm_perms; allow xdm_t self:sem create_sem_perms; -@@ -929,7 +934,8 @@ allow xserver_t input_xevent_t:x_event s +@@ -930,7 +935,8 @@ allow xserver_t input_xevent_t:x_event s # execheap needed until the X module loader is fixed. # NVIDIA Needs execstack @@ -3464,8 +3464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolic allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow xserver_t self:fd use; diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy-3.10.0/policy/modules/services/zabbix.if ---- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-10-14 09:46:28.923526537 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-10-14 09:46:29.243520410 -0400 +--- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-10-27 13:59:13.706913711 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-10-27 13:59:14.364913210 -0400 @@ -142,8 +142,11 @@ interface(`zabbix_admin',` type zabbix_initrc_exec_t; ') @@ -3480,8 +3480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy init_labeled_script_domtrans($1, zabbix_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-3.10.0/policy/modules/services/zebra.if ---- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-10-14 09:46:28.926526478 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-10-14 09:46:29.244520391 -0400 +--- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-10-27 13:59:13.713913708 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-10-27 13:59:14.365913209 -0400 @@ -64,8 +64,11 @@ interface(`zebra_admin',` type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t; ') @@ -3496,8 +3496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy- init_labeled_script_domtrans($1, zebra_initrc_exec_t) domain_system_change_exemption($1) diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-3.10.0/policy/modules/system/hotplug.te ---- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-10-14 09:46:28.938526248 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-10-14 09:46:29.245520372 -0400 +--- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-10-27 13:59:13.737913688 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-10-27 13:59:14.371913207 -0400 @@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t) # @@ -3508,8 +3508,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy- dontaudit hotplug_t self:capability { dac_override dac_read_search }; allow hotplug_t self:process { setpgid getsession getattr signal_perms }; diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.10.0/policy/modules/system/init.if ---- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-10-14 09:46:28.940526210 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-10-14 09:46:29.246520353 -0400 +--- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-10-27 13:59:13.742913685 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-10-27 13:59:14.374913204 -0400 @@ -1123,7 +1123,9 @@ interface(`init_ptrace',` type init_t; ') @@ -3522,8 +3522,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.1 ######################################## diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.10.0/policy/modules/system/init.te ---- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-10-14 09:46:29.044524218 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-14 09:46:29.247520334 -0400 +--- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-10-27 13:59:13.924913545 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-27 13:59:14.376913202 -0400 @@ -121,7 +121,7 @@ ifdef(`enable_mls',` # @@ -3544,8 +3544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.1 allow initrc_t self:passwd rootok; allow initrc_t self:key manage_key_perms; diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.10.0/policy/modules/system/ipsec.te ---- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-10-14 09:46:28.944526134 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-10-14 09:46:29.248520315 -0400 +--- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-10-27 13:59:13.749913679 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-10-27 13:59:14.378913200 -0400 @@ -73,7 +73,7 @@ role system_r types setkey_t; # @@ -3577,8 +3577,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3. domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t) diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.10.0/policy/modules/system/iscsi.te ---- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-10-14 09:46:28.946526096 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-10-14 09:46:29.249520296 -0400 +--- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-10-27 13:59:13.754913674 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-10-27 13:59:14.379913199 -0400 @@ -31,7 +31,6 @@ files_pid_file(iscsi_var_run_t) # @@ -3588,8 +3588,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3. allow iscsid_t self:fifo_file rw_fifo_file_perms; allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpolicy-3.10.0/policy/modules/system/locallogin.te ---- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-10-14 09:46:28.951525999 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-10-14 09:46:29.249520296 -0400 +--- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-10-27 13:59:13.763913669 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-10-27 13:59:14.381913198 -0400 @@ -35,7 +35,7 @@ role system_r types sulogin_t; # Local login local policy # @@ -3600,8 +3600,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpoli allow local_login_t self:fd use; allow local_login_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-3.10.0/policy/modules/system/logging.if ---- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-10-14 09:46:28.952525980 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-10-14 09:46:29.250520277 -0400 +--- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-10-27 13:59:13.767913665 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-10-27 13:59:14.391913190 -0400 @@ -1095,9 +1095,13 @@ interface(`logging_admin_audit',` type auditd_initrc_exec_t; ') @@ -3635,8 +3635,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy- manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t) manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t) diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.10.0/policy/modules/system/mount.te ---- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-10-14 09:46:28.962525788 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-10-14 09:46:29.251520257 -0400 +--- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-10-27 13:59:13.786913650 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-10-27 13:59:14.393913188 -0400 @@ -48,7 +48,11 @@ role system_r types showmount_t; # setuid/setgid needed to mount cifs @@ -3651,8 +3651,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3. allow mount_t self:unix_stream_socket create_stream_socket_perms; allow mount_t self:unix_dgram_socket create_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpolicy-3.10.0/policy/modules/system/sysnetwork.te ---- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-10-14 09:46:28.970525636 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-10-14 09:46:29.252520237 -0400 +--- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-10-27 13:59:13.805913638 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-10-27 13:59:14.394913187 -0400 @@ -51,10 +51,13 @@ files_config_file(net_conf_t) # DHCP client local policy # @@ -3670,8 +3670,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpoli allow dhcpc_t self:fifo_file rw_fifo_file_perms; allow dhcpc_t self:tcp_socket create_stream_socket_perms; diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.10.0/policy/modules/system/udev.te ---- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-10-14 09:46:28.974525558 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-10-14 09:46:29.252520237 -0400 +--- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-10-27 13:59:13.813913630 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-10-27 13:59:14.396913187 -0400 @@ -34,7 +34,7 @@ ifdef(`enable_mcs',` # Local policy # @@ -3695,8 +3695,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.1 allow udev_t self:fd use; allow udev_t self:fifo_file rw_fifo_file_perms; diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpolicy-3.10.0/policy/modules/system/unconfined.if ---- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-10-14 09:46:28.992525214 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-10-14 09:46:29.253520218 -0400 +--- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-10-27 13:59:13.851913603 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-10-27 13:59:14.397913187 -0400 @@ -18,7 +18,12 @@ interface(`unconfined_domain_noaudit',` ') @@ -3712,8 +3712,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpoli allow $1 self:fifo_file { manage_fifo_file_perms relabelfrom relabelto }; diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpolicy-3.10.0/policy/modules/system/userdomain.if ---- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-10-14 09:46:29.071523701 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-14 09:46:29.255520180 -0400 +--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-10-27 13:59:13.975913508 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-27 13:59:14.403913182 -0400 @@ -40,7 +40,10 @@ template(`userdom_base_user_template',` role $1_r types $1_t; allow system_r $1_r; @@ -3747,7 +3747,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpoli allow $1_t self:capability2 syslog; allow $1_t self:process { setexec setfscreate }; allow $1_t self:netlink_audit_socket nlmsg_readpriv; -@@ -3657,7 +3663,9 @@ interface(`userdom_ptrace_all_users',` +@@ -3693,7 +3699,9 @@ interface(`userdom_ptrace_all_users',` attribute userdomain; ') @@ -3759,8 +3759,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpoli ######################################## diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace serefpolicy-3.10.0/policy/modules/system/xen.te ---- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-10-14 09:46:28.984525366 -0400 -+++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-10-14 09:46:29.256520161 -0400 +--- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-10-27 13:59:13.832913615 -0400 ++++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-10-27 13:59:14.404913181 -0400 @@ -206,7 +206,6 @@ tunable_policy(`xend_run_qemu',` # diff --git a/qemu.patch b/qemu.patch index 5f5ea80..3590467 100644 --- a/qemu.patch +++ b/qemu.patch @@ -1,6 +1,6 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/qemu.te.qemu serefpolicy-3.10.0/policy/modules/apps/qemu.te ---- serefpolicy-3.10.0/policy/modules/apps/qemu.te.qemu 2011-10-27 10:18:21.010189947 -0400 -+++ serefpolicy-3.10.0/policy/modules/apps/qemu.te 2011-10-27 10:18:22.989187237 -0400 +--- serefpolicy-3.10.0/policy/modules/apps/qemu.te.qemu 2011-10-27 14:01:31.490807653 -0400 ++++ serefpolicy-3.10.0/policy/modules/apps/qemu.te 2011-10-27 14:01:33.082806413 -0400 @@ -40,9 +40,7 @@ gen_tunable(qemu_use_nfs, true) ## gen_tunable(qemu_use_usb, true) @@ -12,8 +12,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/qemu.te.qemu serefpolicy-3.10.0/ ######################################## diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.qemu serefpolicy-3.10.0/policy/modules/services/virt.if ---- serefpolicy-3.10.0/policy/modules/services/virt.if.qemu 2011-10-27 10:18:22.901187358 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-27 10:18:22.992187233 -0400 +--- serefpolicy-3.10.0/policy/modules/services/virt.if.qemu 2011-10-27 14:01:33.036806448 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-27 14:01:33.084806412 -0400 @@ -16,10 +16,11 @@ template(`virt_domain_template',` attribute virt_image_type, virt_domain; attribute virt_tmpfs_type; @@ -50,8 +50,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.qemu serefpolicy-3.1 +') + diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.qemu serefpolicy-3.10.0/policy/modules/services/virt.te ---- serefpolicy-3.10.0/policy/modules/services/virt.te.qemu 2011-10-27 10:18:22.903187356 -0400 -+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-27 10:19:28.334099091 -0400 +--- serefpolicy-3.10.0/policy/modules/services/virt.te.qemu 2011-10-27 14:01:33.038806446 -0400 ++++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-27 14:02:18.478770938 -0400 @@ -73,11 +73,14 @@ gen_tunable(virt_use_usb, true) virt_domain_template(svirt) @@ -76,15 +76,10 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.qemu serefpolicy-3.1 allow virtd_t qemu_var_run_t:file relabel_file_perms; manage_dirs_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t) manage_files_pattern(virtd_t, qemu_var_run_t, qemu_var_run_t) -@@ -514,16 +519,6 @@ optional_policy(` +@@ -514,11 +519,6 @@ optional_policy(` ') optional_policy(` -- qemu_domtrans(virtd_t) -- qemu_read_state(virtd_t) -- qemu_signal(virtd_t) -- qemu_kill(virtd_t) -- qemu_setsched(virtd_t) - qemu_entry_type(virt_domain) - qemu_exec(virt_domain) -')