diff --git a/policy-20080710.patch b/policy-20080710.patch
index 684ed37..31c2d9a 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -490,9 +490,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
init_use_fds(consoletype_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.13/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-10-14 11:58:10.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/admin/kismet.te 2008-10-28 10:56:19.000000000 -0400
-@@ -28,8 +28,9 @@
++++ serefpolicy-3.5.13/policy/modules/admin/kismet.te 2008-11-03 14:20:02.000000000 -0500
+@@ -26,10 +26,12 @@
+ #
+
allow kismet_t self:capability { net_admin net_raw setuid setgid };
++allow kismet_t self:process signal;
allow kismet_t self:fifo_file rw_file_perms;
allow kismet_t self:packet_socket create_socket_perms;
-allow kismet_t self:unix_dgram_socket create_socket_perms;
@@ -502,7 +505,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
allow kismet_t kismet_log_t:dir setattr;
-@@ -43,10 +44,18 @@
+@@ -43,10 +45,18 @@
allow kismet_t kismet_var_run_t:dir manage_dir_perms;
files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir })
@@ -640,7 +643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.5.13/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/admin/rpm.fc 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/admin/rpm.fc 2008-11-03 11:39:36.000000000 -0500
@@ -11,7 +11,8 @@
/usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -651,7 +654,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/share/yumex/yumex -- gen_context(system_u:object_r:rpm_exec_t,s0)
ifdef(`distro_redhat', `
-@@ -21,6 +22,9 @@
+@@ -21,14 +22,17 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/up2date -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -661,17 +664,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-@@ -29,6 +33,7 @@
- /var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0)
+ /var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
+-
+-/var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0)
/var/log/yum\.log.* -- gen_context(system_u:object_r:rpm_log_t,s0)
+/var/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0)
++/var/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
# SuSE
ifdef(`distro_suse', `
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.13/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/admin/rpm.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/admin/rpm.if 2008-11-03 11:41:00.000000000 -0500
@@ -152,6 +152,24 @@
########################################
@@ -746,7 +751,32 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Create, read, write, and delete the RPM log.
##
##
-@@ -210,6 +270,24 @@
+@@ -192,6 +252,24 @@
+
+ ########################################
+ ##
++## Create, read, write, and delete the RPM log.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`rpm_search_log',`
++ gen_require(`
++ type rpm_log_t;
++ ')
++
++ allow $1 rpm_log_t:dir search_dir_perms;
++')
++
++########################################
++##
+ ## Inherit and use file descriptors from RPM scripts.
+ ##
+ ##
+@@ -210,6 +288,24 @@
########################################
##
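Review bot: The summary on the new `rpm_search_log` interface repeats the text of the manage interface above it ("Create, read, write, and delete the RPM log"), but the only rule it emits is `allow $1 rpm_log_t:dir search_dir_perms;`. Anyone auditing callers by the doc comment would overestimate what they are granted, so the summary should read `## Search the RPM log directory.`. The parameter text "The type of the process performing this action." could also use the "Domain allowed access." wording that the other interfaces in this patch use.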
@@ -771,7 +801,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Create, read, write, and delete RPM
## script temporary files.
##
-@@ -225,7 +303,29 @@
+@@ -225,7 +321,29 @@
')
files_search_tmp($1)
@@ -801,7 +831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -289,3 +389,175 @@
+@@ -289,3 +407,175 @@
dontaudit $1 rpm_var_lib_t:file manage_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
')
@@ -1833,7 +1863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.13/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/gnome.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/apps/gnome.if 2008-10-30 16:10:55.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
type gconfd_exec_t, gconf_etc_t;
@@ -4394,8 +4424,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-29 12:10:02.000000000 -0400
-@@ -0,0 +1,257 @@
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-30 16:17:36.000000000 -0400
+@@ -0,0 +1,267 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4546,6 +4576,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ gnome_exec_gconf(nsplugin_t)
+ gnome_manage_user_gnome_config(user, nsplugin_t)
++ gnome_read_gconf_home_files(nsplugin_t)
+ allow nsplugin_t gnome_home_t:sock_file write;
+')
+
@@ -4653,6 +4684,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ mozilla_read_user_home_files(user, nsplugin_config_t)
+')
++
++optional_policy(`
++ gen_require(`
++ type unconfined_mono_t;
++ ')
++ allow nsplugin_t unconfined_mono_t:process signull;
++')
++
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.13/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.13/policy/modules/apps/openoffice.fc 2008-10-28 10:56:19.000000000 -0400
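Review bot: The new optional block at the end of nsplugin.te pulls `unconfined_mono_t` in with `gen_require` and writes `allow nsplugin_t unconfined_mono_t:process signull;` directly, which ties nsplugin to a type owned by another module. Reference-policy convention is to reach foreign types only through an interface exported by the owning module, so that a rename or removal there is caught in one place. Calling such an interface from this `optional_policy` block would keep the grant identical. A one-line comment naming the plugin or denial that made the rule necessary would help later review, and the two empty `++` lines after the block can be dropped.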
@@ -8913,7 +8953,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.13/policy/modules/roles/unprivuser.if
--- nsaserefpolicy/policy/modules/roles/unprivuser.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.if 2008-10-30 13:58:02.000000000 -0400
@@ -62,6 +62,26 @@
files_home_filetrans($1, user_home_dir_t, dir)
')
@@ -8974,10 +9014,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#
+interface(`unprivuser_dontaudit_list_home_dirs',`
+ gen_require(`
-+ type user_home_t;
++ type user_home_t, user_home_dir_t;
+ ')
+
-+ dontaudit $1 user_home_t:dir list_dir_perms;
++ dontaudit $1 { user_home_dir_t user_home_t }:dir list_dir_perms;
')
########################################
@@ -12121,6 +12161,247 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.5.13/policy/modules/services/certmaster.fc
+--- nsaserefpolicy/policy/modules/services/certmaster.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.fc 2008-10-30 14:43:22.000000000 -0400
+@@ -0,0 +1,11 @@
++
++/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
++/usr/bin/certmaster -- gen_context(system_u:object_r:certmaster_exec_t,s0)
++
++/etc/certmaster(/.*)? gen_context(system_u:object_r:certmaster_etc_rw_t,s0)
++
++/etc/pki/certmaster(/.*)? gen_context(system_u:object_r:certmaster_cert_t,s0)
++
++/var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
++
++/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
+--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-10-30 14:44:58.000000000 -0400
+@@ -0,0 +1,133 @@
++## policy for certmaster
++
++########################################
++##
++## Execute a domain transition to run certmaster.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`certmaster_domtrans',`
++ gen_require(`
++ type certmaster_t, certmaster_exec_t;
++ ')
++
++ domain_auto_trans($1,certmaster_exec_t,certmaster_t)
++
++ allow certmaster_t $1:fd use;
++ allow certmaster_t $1:fifo_file rw_file_perms;
++ allow certmaster_t $1:process sigchld;
++')
++
++#######################################
++###
++### read
++### certmaster logs.
++###
++###
++###
++### Domain allowed access.
++###
++###
++##
++#
++interface(`certmaster_read_log',`
++ gen_require(`
++ type certmaster_var_log_t;
++ ')
++
++ read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
++')
++
++#######################################
++###
++### Append to certmaster logs.
++###
++###
++###
++### Domain allowed access.
++###
++###
++##
++#
++interface(`certmaster_append_log',`
++ gen_require(`
++ type certmaster_var_log_t;
++ ')
++
++ append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
++')
++
++#######################################
++###
++### Create, read, write, and delete
++### certmaster logs.
++###
++###
++###
++### Domain allowed access.
++###
++###
++##
++#
++interface(`certmaster_manage_log',`
++ gen_require(`
++ type certmaster_var_log_t;
++ ')
++
++ manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
++ manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
++')
++
++########################################
++###
++### All of the rules required to administrate
++### an snort environment
++###
++###
++###
++### Domain allowed access.
++###
++###
++###
++###
++### The role to be allowed to manage the syslog domain.
++###
++###
++###
++##
++
++interface(`certmaster_admin',`
++ gen_require(`
++ type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
++ type certmaster_etc_rw_t, certmaster_var_log_t;
++ certmaster_initrc_exec_t;
++ ')
++
++ allow $1 certmaster_t:process { ptrace signal_perms };
++ ps_process_pattern($1, certmaster_t)
++
++ init_labeled_script_domtrans($1, certmaster_initrc_exec_t)
++ domain_system_change_exemption($1)
++ role_transition $2 certmaster_initrc_exec_t system_r;
++ allow $2 system_r;
++
++ files_list_etc($1)
++ miscfiles_manage_cert_dirs($1)
++ miscfiles_manage_cert_files($1)
++
++ admin_pattern($1, certmaster_etc_rw_t)
++
++ files_list_pids($1)
++ admin_pattern($1, certmaster_var_run_t)
++
++ logging_list_logs($1)
++ admin_pattern($1, certmaster_var_log_t)
++
++ files_list_var_lib($1)
++ admin_pattern($1, certmaster_var_lib_t)
++')
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
+--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400
+@@ -0,0 +1,85 @@
++policy_module(certmaster,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++# type and domain for certmaster
++type certmaster_t;
++type certmaster_exec_t;
++init_daemon_domain(certmaster_t, certmaster_exec_t)
++
++type certmaster_initrc_exec_t;
++init_script_file(certmaster_initrc_exec_t)
++
++# var/lib files
++type certmaster_var_lib_t;
++files_type(certmaster_var_lib_t)
++
++# config files
++type certmaster_etc_rw_t;
++files_config_type(certmaster_etc_rw_t)
++
++# log files
++type certmaster_var_log_t;
++logging_log_file(certmaster_var_log_t)
++
++# pid files
++type certmaster_var_run_t;
++files_pid_file(certmaster_var_run_t)
++
++###########################################
++#
++# certmaster local policy
++#
++
++allow certmaster_t self:tcp_socket create_stream_socket_perms;
++
++# certification files
++manage_dirs_pattern(certmaster_t,certmaster_cert_t,certmaster_cert_t)
++manage_files_pattern(certmaster_t, certmaster_cert_t, certmaster_cert_t)
++
++# config files
++list_dirs_pattern(certmaster_t,certmaster_etc_rw_t,certmaster_etc_rw_t)
++manage_files_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t)
++
++# var/lib files for certmaster
++manage_files_pattern(certmaster_t,certmaster_var_lib_t,certmaster_var_lib_t)
++manage_dirs_pattern(certmaster_t,certmaster_var_lib_t,certmaster_var_lib_t)
++files_var_lib_filetrans(certmaster_t,certmaster_var_lib_t, { file dir })
++
++# log files
++manage_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t)
++logging_log_filetrans(certmaster_t,certmaster_var_log_t, file )
++
++# pid file
++manage_files_pattern(certmaster_t, certmaster_var_run_t,certmaster_var_run_t)
++manage_sock_files_pattern(certmaster_t, certmaster_var_run_t,certmaster_var_run_t)
++files_pid_filetrans(certmaster_t,certmaster_var_run_t, { file sock_file })
++
++corecmd_search_bin(certmaster_t)
++corecmd_getattr_bin_files(certmaster_t)
++
++# network
++corenet_tcp_bind_inaddr_any_node(certmaster_t)
++corenet_tcp_bind_certmaster_port(certmaster_t)
++
++files_search_etc(certmaster_t)
++files_list_var(certmaster_t)
++files_search_var_lib(certmaster_t)
++
++# read meminfo
++kernel_read_system_state(certmaster_t)
++
++auth_use_nsswitch(certmaster_t)
++
++libs_use_ld_so(certmaster_t)
++libs_use_shared_libs(certmaster_t)
++
++miscfiles_read_localization(certmaster_t)
++
++miscfiles_manage_cert_dirs(certmaster_t)
++miscfiles_manage_cert_files(certmaster_t)
++
++permissive certmaster_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.5.13/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/services/clamav.fc 2008-10-28 10:56:19.000000000 -0400
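Review bot: certmaster.te uses `certmaster_cert_t` in the two `manage_*_pattern` lines under "certification files", and certmaster.fc labels `/etc/pki/certmaster(/.*)?` with it, but the Declarations section never declares that type, so the module as shown references an undeclared type. Adding `type certmaster_cert_t;` and `files_type(certmaster_cert_t)` next to the other file types would fix it. In `certmaster_admin` the third `gen_require` line reads `certmaster_initrc_exec_t;` without the keyword and should be `type certmaster_initrc_exec_t;`. That interface's doc block still says "an snort environment" and "manage the syslog domain", left over from a template. The closing `permissive certmaster_t;` means none of these rules are enforced for the daemon while the admin interface grants `ptrace` over it, so a comment marking permissive as temporary would keep it from shipping unnoticed.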
@@ -12550,7 +12831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Calendar (PCP) local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.5.13/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/cron.fc 2008-10-28 10:58:50.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/cron.fc 2008-11-03 11:38:06.000000000 -0500
@@ -17,6 +17,8 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -12560,13 +12841,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/at -d gen_context(system_u:object_r:cron_spool_t,s0)
/var/spool/at/spool -d gen_context(system_u:object_r:cron_spool_t,s0)
/var/spool/at/[^/]* -- <>
-@@ -45,3 +47,6 @@
+@@ -45,3 +47,8 @@
/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
+
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
++
++/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.13/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/services/cron.if 2008-10-29 11:57:59.000000000 -0400
@@ -17139,7 +17422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.13/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te 2008-10-30 11:44:48.000000000 -0400
@@ -33,9 +33,9 @@
# networkmanager will ptrace itself if gdb is installed
@@ -17172,7 +17455,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(NetworkManager_t)
corenet_all_recvfrom_netlabel(NetworkManager_t)
-@@ -85,9 +87,11 @@
+@@ -81,13 +83,16 @@
+ corenet_sendrecv_isakmp_server_packets(NetworkManager_t)
+ corenet_sendrecv_dhcpc_server_packets(NetworkManager_t)
+ corenet_sendrecv_all_client_packets(NetworkManager_t)
++corenet_rw_tun_tap_dev(NetworkManager_t)
+
dev_read_sysfs(NetworkManager_t)
dev_read_rand(NetworkManager_t)
dev_read_urand(NetworkManager_t)
@@ -17184,7 +17472,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mls_file_read_all_levels(NetworkManager_t)
-@@ -104,9 +108,14 @@
+@@ -104,9 +109,14 @@
files_read_etc_runtime_files(NetworkManager_t)
files_read_usr_files(NetworkManager_t)
@@ -17199,7 +17487,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_ld_so(NetworkManager_t)
libs_use_shared_libs(NetworkManager_t)
-@@ -119,27 +128,40 @@
+@@ -119,27 +129,40 @@
seutil_read_config(NetworkManager_t)
@@ -17246,7 +17534,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -151,8 +173,21 @@
+@@ -151,8 +174,21 @@
')
optional_policy(`
@@ -17270,7 +17558,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -160,23 +195,48 @@
+@@ -160,23 +196,48 @@
')
optional_policy(`
@@ -17321,7 +17609,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -194,7 +254,9 @@
+@@ -194,7 +255,9 @@
optional_policy(`
vpn_domtrans(NetworkManager_t)
@@ -17333,9 +17621,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.5.13/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nis.fc 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/nis.fc 2008-11-03 13:40:14.000000000 -0500
@@ -1,9 +1,13 @@
-
+-
++/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/ypserv -- gen_context(system_u:object_r:nis_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/ypxfrd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0)
@@ -17350,7 +17639,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.13/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nis.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/nis.if 2008-11-03 14:12:23.000000000 -0500
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -17397,7 +17686,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Execute ypbind in the ypbind domain.
##
##
-@@ -244,3 +263,83 @@
+@@ -244,3 +263,105 @@
corecmd_search_bin($1)
domtrans_pattern($1, ypxfr_exec_t, ypxfr_t)
')
@@ -17423,6 +17712,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+##
++## Execute nis server in the nis domain.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++#
++interface(`nis_ypbind_initrc_domtrans',`
++ gen_require(`
++ type ypbind_initrc_exec_t;
++ ')
++
++ init_labeled_script_domtrans($1, ypbind_initrc_exec_t)
++')
++
++########################################
++##
+## All of the rules required to administrate
+## an nis environment
+##
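Review bot: The summary for the new `nis_ypbind_initrc_domtrans` interface says "Execute nis server in the nis domain", which looks copied from the neighbouring interface. What it emits is `init_labeled_script_domtrans($1, ypbind_initrc_exec_t)`, so `## Execute the ypbind init script with a domain transition.` would describe it accurately. There is also a doubled `#` line just before the `interface(` line. The parameter description could read "Domain allowed to transition.", as `certmaster_domtrans` does elsewhere in this patch.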
@@ -17444,6 +17752,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ type ypserv_t, ypxfr_t;
+ type ypbind_tmp_t, ypserv_tmp_t, ypserv_conf_t;
+ type ypbind_var_run_t, yppasswdd_var_run_t, ypserv_var_run_t;
++ type ypbind_initrc_exec_t;
+ type nis_initrc_exec_t;
+ ')
+
@@ -17460,8 +17769,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ps_process_pattern($1, ypxfr_t)
+
+ nis_initrc_domtrans($1)
++ nis_ypbind_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 nis_initrc_exec_t system_r;
++ role_transition $2 ypbind_initrc_exec_t system_r;
+ allow $2 system_r;
+
+ files_list_tmp($1)
@@ -17483,8 +17794,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.5.13/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nis.te 2008-10-28 10:56:19.000000000 -0400
-@@ -44,6 +44,9 @@
++++ serefpolicy-3.5.13/policy/modules/services/nis.te 2008-11-03 13:39:45.000000000 -0500
+@@ -13,6 +13,9 @@
+ type ypbind_exec_t;
+ init_daemon_domain(ypbind_t, ypbind_exec_t)
+
++type ypbind_initrc_exec_t;
++init_script_file(ypbind_initrc_exec_t)
++
+ type ypbind_tmp_t;
+ files_tmp_file(ypbind_tmp_t)
+
+@@ -44,6 +47,9 @@
type ypxfr_exec_t;
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
@@ -17494,7 +17815,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# ypbind local policy
-@@ -111,9 +114,19 @@
+@@ -111,9 +117,19 @@
sysnet_read_config(ypbind_t)
userdom_dontaudit_use_unpriv_user_fds(ypbind_t)
@@ -17515,7 +17836,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
seutil_sigchld_newrole(ypbind_t)
')
-@@ -127,6 +140,7 @@
+@@ -127,6 +143,7 @@
# yppasswdd local policy
#
@@ -17523,7 +17844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit yppasswdd_t self:capability sys_tty_config;
allow yppasswdd_t self:fifo_file rw_fifo_file_perms;
allow yppasswdd_t self:process { setfscreate signal_perms };
-@@ -157,8 +171,8 @@
+@@ -157,8 +174,8 @@
corenet_udp_sendrecv_all_ports(yppasswdd_t)
corenet_tcp_bind_all_nodes(yppasswdd_t)
corenet_udp_bind_all_nodes(yppasswdd_t)
@@ -17534,7 +17855,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(yppasswdd_t)
corenet_dontaudit_udp_bind_all_reserved_ports(yppasswdd_t)
corenet_sendrecv_generic_server_packets(yppasswdd_t)
-@@ -249,6 +263,8 @@
+@@ -249,6 +266,8 @@
corenet_udp_bind_all_nodes(ypserv_t)
corenet_tcp_bind_reserved_port(ypserv_t)
corenet_udp_bind_reserved_port(ypserv_t)
@@ -17543,7 +17864,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
corenet_dontaudit_udp_bind_all_reserved_ports(ypserv_t)
corenet_sendrecv_generic_server_packets(ypserv_t)
-@@ -318,6 +334,8 @@
+@@ -318,6 +337,8 @@
corenet_udp_bind_all_nodes(ypxfr_t)
corenet_tcp_bind_reserved_port(ypxfr_t)
corenet_udp_bind_reserved_port(ypxfr_t)
@@ -17562,7 +17883,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.5.13/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nscd.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/nscd.if 2008-11-03 13:42:37.000000000 -0500
@@ -2,7 +2,27 @@
########################################
@@ -17753,7 +18074,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.5.13/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nscd.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/nscd.te 2008-11-03 13:39:13.000000000 -0500
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -19650,7 +19971,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.5.13/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/ppp.te 2008-10-29 10:47:55.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/ppp.te 2008-10-30 15:01:10.000000000 -0400
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -19722,7 +20043,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(pptp_t)
corenet_all_recvfrom_netlabel(pptp_t)
corenet_tcp_sendrecv_all_if(pptp_t)
-@@ -269,6 +279,8 @@
+@@ -269,12 +279,16 @@
fs_getattr_all_fs(pptp_t)
fs_search_auto_mountpoints(pptp_t)
@@ -19731,30 +20052,42 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_ioctl_generic_ptys(pptp_t)
term_search_ptys(pptp_t)
term_use_ptmx(pptp_t)
-@@ -283,6 +295,7 @@
+
+ domain_use_interactive_fds(pptp_t)
+
++auth_use_nsswitch(pptp_t)
++
+ libs_use_ld_so(pptp_t)
+ libs_use_shared_libs(pptp_t)
+
+@@ -282,7 +296,7 @@
+
miscfiles_read_localization(pptp_t)
- sysnet_read_config(pptp_t)
+-sysnet_read_config(pptp_t)
+sysnet_exec_ifconfig(pptp_t)
userdom_dontaudit_use_unpriv_user_fds(pptp_t)
-@@ -293,6 +306,14 @@
+@@ -293,11 +307,15 @@
')
optional_policy(`
+- hostname_exec(pptp_t)
+ dbus_system_domain(pppd_t, pppd_exec_t)
+
+ optional_policy(`
+ networkmanager_dbus_chat(pppd_t)
+ ')
-+')
-+
-+optional_policy(`
- hostname_exec(pptp_t)
')
-@@ -311,6 +332,3 @@
+ optional_policy(`
+- nscd_socket_use(pptp_t)
++ hostname_exec(pptp_t)
+ ')
+
+ optional_policy(`
+@@ -311,6 +329,3 @@
optional_policy(`
postfix_read_config(pppd_t)
')
@@ -23179,7 +23512,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2008-10-28 10:58:34.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2008-10-29 17:13:04.000000000 -0400
@@ -21,16 +21,24 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -23321,7 +23654,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_manage_cifs_files(spamd_t)
')
-@@ -172,16 +218,17 @@
+@@ -172,6 +218,7 @@
optional_policy(`
dcc_domtrans_client(spamd_t)
@@ -23329,20 +23662,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dcc_stream_connect_dccifd(spamd_t)
')
- optional_policy(`
-- mysql_search_db(spamd_t)
-- mysql_stream_connect(spamd_t)
-+ exim_manage_spool_files(spamd_t)
+@@ -181,10 +228,6 @@
')
optional_policy(`
- nis_use_ypbind(spamd_t)
-+ mysql_search_db(spamd_t)
-+ mysql_stream_connect(spamd_t)
+-')
+-
+-optional_policy(`
+ postfix_read_config(spamd_t)
')
- optional_policy(`
-@@ -199,6 +246,10 @@
+@@ -199,6 +242,10 @@
optional_policy(`
razor_domtrans(spamd_t)
@@ -23353,7 +23684,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -213,3 +264,121 @@
+@@ -213,3 +260,121 @@
optional_policy(`
udev_read_db(spamd_t)
')
@@ -24198,7 +24529,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.13/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/xserver.fc 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/xserver.fc 2008-11-03 11:42:39.000000000 -0500
@@ -1,13 +1,15 @@
#
# HOME_DIR
@@ -24234,6 +24565,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /opt
#
+@@ -50,7 +47,7 @@
+ /tmp/\.ICE-unix -d gen_context(system_u:object_r:xdm_tmp_t,s0)
+ /tmp/\.ICE-unix/.* -s <>
+ /tmp/\.X0-lock -- gen_context(system_u:object_r:xdm_xserver_tmp_t,s0)
+-/tmp/\.X11-unix -d gen_context(system_u:object_r:xdm_tmp_t,s0)
++/tmp/\.X11-unix -d gen_context(system_u:object_r:xdm_xserver_tmp_t,s0)
+ /tmp/\.X11-unix/.* -s <>
+
+ #
@@ -58,9 +55,11 @@
#
@@ -27845,6 +28185,55 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_append_log(lvm_t)
+ xen_dontaudit_rw_unix_stream_sockets(lvm_t)
+')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.5.13/policy/modules/system/miscfiles.if
+--- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-08-07 11:15:12.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/miscfiles.if 2008-10-31 11:01:20.000000000 -0400
+@@ -23,6 +23,45 @@
+
+ ########################################
+ ##
++## manange system SSL certificates.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`
++ gen_require(`
++ type cert_t;
++ ')
++
++ manage_dirs_pattern($1,cert_t,cert_t)
++')
++
++########################################
++##
++## manange system SSL certificates.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`miscfiles_manage_cert_files',`
++ gen_require(`
++ type cert_t;
++ ')
++
++ manage_files_pattern($1,cert_t,cert_t)
++ read_lnk_files_pattern($1,cert_t,cert_t)
++')
++
++########################################
++##
+ ## Read fonts.
+ ##
+ ##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.5.13/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2008-10-14 11:58:09.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/system/modutils.te 2008-10-28 10:56:19.000000000 -0400
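Review bot: The first interface added to miscfiles.if opens with a bare `interface(`` and no name, while the second is `interface(`miscfiles_manage_cert_files',``; as shown here the first definition cannot be called and would likely break the m4 expansion of the file. Judging by its body (`manage_dirs_pattern($1,cert_t,cert_t)`) it presumably wants a parallel name such as `interface(`miscfiles_manage_cert_dirs',`` — confirm against the intended callers. Both blocks share the summary `manange system SSL certificates.`, which is misspelled and does not distinguish directories from files; `Manage system SSL certificate directories.` and `Manage system SSL certificate files.` would be clearer. Since these interfaces grant create, write and delete on the system certificate store, callers should be limited to domains that really provision certificates, with read-only access used everywhere else.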
@@ -29128,7 +29517,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.13/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-10-29 09:04:33.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-11-03 13:42:28.000000000 -0500
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -29184,7 +29573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_redhat', `
files_exec_etc_files(dhcpc_t)
')
-@@ -185,14 +187,12 @@
+@@ -185,25 +187,22 @@
')
optional_policy(`
@@ -29201,11 +29590,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+optional_policy(`
-+ nis_initrc_domtrans(dhcpc_t)
++ nis_ypbind_initrc_domtrans(dhcpc_t)
')
optional_policy(`
-@@ -201,9 +201,7 @@
++ nscd_initrc_domtrans(dhcpc_t)
+ nscd_domtrans(dhcpc_t)
+ nscd_read_pid(dhcpc_t)
')
optional_policy(`
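Review bot: `nscd_initrc_domtrans(dhcpc_t)` is added next to the retained `nscd_domtrans(dhcpc_t)`, so dhcpc_t can now both run the nscd init script and execute the daemon directly. If the DHCP client only restarts nscd through its init script, the direct transition is extra privilege and could be dropped. If both paths are needed, a comment such as `# dhcpc restarts nscd through its init script` (to be confirmed against the actual caller) would record why. The switch from `nis_initrc_domtrans` to `nis_ypbind_initrc_domtrans` relies on that interface being defined elsewhere in the patch, which is not visible in this hunk.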
@@ -29216,7 +29607,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -214,6 +212,11 @@
+@@ -214,6 +213,11 @@
optional_policy(`
seutil_sigchld_newrole(dhcpc_t)
seutil_dontaudit_search_config(dhcpc_t)
@@ -29228,7 +29619,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -225,6 +228,10 @@
+@@ -225,6 +229,10 @@
')
optional_policy(`
@@ -29239,7 +29630,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_xen_state(dhcpc_t)
kernel_write_xen_state(dhcpc_t)
xen_append_log(dhcpc_t)
-@@ -238,7 +245,6 @@
+@@ -238,7 +246,6 @@
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -29247,7 +29638,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow ifconfig_t self:fd use;
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -252,6 +258,7 @@
+@@ -252,6 +259,7 @@
allow ifconfig_t self:sem create_sem_perms;
allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
@@ -29255,7 +29646,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -261,13 +268,20 @@
+@@ -261,13 +269,20 @@
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
allow ifconfig_t self:tcp_socket { create ioctl };
@@ -29276,7 +29667,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_rw_tun_tap_dev(ifconfig_t)
-@@ -278,8 +292,13 @@
+@@ -278,8 +293,13 @@
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
@@ -29290,7 +29681,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_use_interactive_fds(ifconfig_t)
-@@ -335,6 +354,14 @@
+@@ -335,6 +355,14 @@
')
optional_policy(`
@@ -29307,8 +29698,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.5.13/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2008-10-28 10:56:19.000000000 -0400
-@@ -13,6 +13,7 @@
++++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2008-11-03 11:39:49.000000000 -0500
+@@ -13,8 +13,11 @@
/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
@@ -29316,6 +29707,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
+
+ /usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
++
++/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.13/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/system/udev.if 2008-10-28 10:56:19.000000000 -0400
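Review bot: The added line `/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)` labels a path with a type owned by the rpm module from inside udev.fc. File-context entries cannot be wrapped in `optional_policy`, so a build without the rpm module would leave this entry pointing at an undeclared type. A reader looking for `rpm_var_run_t` paths will also not find this one in rpm.fc. Moving the entry to rpm.fc, which this patch already modifies, would keep the type and its paths together.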
@@ -29374,7 +29769,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.13/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/udev.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/udev.te 2008-11-03 11:41:29.000000000 -0500
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -29410,7 +29805,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
consoletype_exec(udev_t)
')
-@@ -240,5 +247,9 @@
+@@ -233,6 +240,10 @@
+ ')
+
+ optional_policy(`
++ rpm_search_log(udev_t)
++')
++
++optional_policy(`
+ kernel_write_xen_state(udev_t)
+ kernel_read_xen_state(udev_t)
+ xen_manage_log(udev_t)
+@@ -240,5 +251,9 @@
')
optional_policy(`
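Review bot: The new block grants `rpm_search_log(udev_t)`, but the path this commit adds to udev.fc (`/var/run/PackageKit/udev`) is labelled `rpm_var_run_t`, not a log type. The interface body is not visible here; if it follows the usual naming and only allows searching rpm's log directory, it will not give udev access to that run directory, and udev gains a permission on rpm logs with no stated reason. Either add a comment naming the denial this rule addresses, or switch to an interface that covers `rpm_var_run_t` if that was the intent.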
@@ -30167,7 +30573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-10-29 16:35:07.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-10-30 16:14:16.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -32280,6 +32686,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
allow $1 userdomain:process getattr;
+@@ -5429,7 +5528,7 @@
+
+ ########################################
+ ##
+-## Send general signals to all user domains.
++## Send signull to all user domains.
+ ##
+ ##
+ ##
+@@ -5437,12 +5536,12 @@
+ ##
+ ##
+ #
+-interface(`userdom_signal_all_users',`
++interface(`userdom_signull_all_users',`
+ gen_require(`
+ attribute userdomain;
+ ')
+
+- allow $1 userdomain:process signal;
++ allow $1 userdomain:process signull;
+ ')
+
+ ########################################
@@ -5483,6 +5582,42 @@
########################################
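Review bot: Renaming `userdom_signal_all_users` to `userdom_signull_all_users` in place removes the old name, so any module that still calls `userdom_signal_all_users(...)` will fail to build; the callers are outside this hunk and need to be checked. Callers that are simply renamed will silently drop from `signal` to `signull`, which only permits an existence check on the target process, so any domain that really has to deliver signals to user processes will start hitting denials. Narrowing to `signull` is the right least-privilege direction, but it would be safer to add the signull interface alongside the existing one and migrate callers one by one. A summary such as `## Send a null signal (process existence check) to all user domains.` would make the reduced scope explicit.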