diff --git a/modules-minimum.conf b/modules-minimum.conf
index e5b8f8d..7e698e0 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -1505,6 +1505,13 @@ aide = module
w3c = module
# Layer: services
+# Module: portreserve
+#
+# reserve ports to prevent portmap mapping them
+#
+portreserve = module
+
+# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
diff --git a/modules-targeted.conf b/modules-targeted.conf
index e5b8f8d..7e698e0 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1505,6 +1505,13 @@ aide = module
w3c = module
# Layer: services
+# Module: portreserve
+#
+# reserve ports to prevent portmap mapping them
+#
+portreserve = module
+
+# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
diff --git a/policy-20080710.patch b/policy-20080710.patch
index a97727b..00a22d4 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.12/Makefile
--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Makefile 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/Makefile 2008-10-14 15:00:15.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -47,7 +47,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
$(verbose) $(INSTALL) -m 644 $< $@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.12/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Rules.modular 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/Rules.modular 2008-10-14 15:00:15.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -79,7 +79,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.12/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -103,13 +103,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context 2008-10-14 15:00:15.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -119,7 +119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+guest_r:guest_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -136,7 +136,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -153,7 +153,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -163,7 +163,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -178,13 +178,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+user_r:user_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context 2008-10-14 15:00:15.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -195,7 +195,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.12/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -219,7 +219,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -227,7 +227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:crond_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -248,7 +248,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -260,7 +260,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -272,7 +272,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
user_r:user_sudo_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mls/xguest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/xguest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -283,7 +283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-standard/guest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-standard/guest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
@@ -291,7 +291,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:crond_t guest_r:guest_crond_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.12/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-standard/root_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-standard/root_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -307,7 +307,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-standard/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-standard/staff_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-standard/staff_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t staff_r:staff_t sysadm_r:sysadm_t
system_r:remote_login_t staff_r:staff_t
@@ -319,7 +319,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
staff_r:staff_sudo_t staff_r:staff_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-standard/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-standard/user_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-standard/user_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t user_r:user_t
system_r:remote_login_t user_r:user_t
@@ -331,7 +331,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
user_r:user_sudo_t user_r:user_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-standard/xguest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-standard/xguest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t
+system_r:remote_login_t xguest_r:xguest_t
@@ -340,7 +340,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t xguest_r:xguest_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.5.12/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/policy/flask/access_vectors 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/flask/access_vectors 2008-10-14 15:00:15.000000000 -0400
@@ -616,6 +616,7 @@
nlmsg_write
nlmsg_relay
@@ -351,7 +351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
class netlink_ip6fw_socket
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.12/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/global_tunables 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/global_tunables 2008-10-14 15:00:15.000000000 -0400
@@ -34,7 +34,7 @@
## <desc>
@@ -392,7 +392,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.5.12/policy/mls
--- nsaserefpolicy/policy/mls 2008-09-24 09:07:29.000000000 -0400
-+++ serefpolicy-3.5.12/policy/mls 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/mls 2008-10-14 15:00:15.000000000 -0400
@@ -381,11 +381,18 @@
( t1 == mlsxwinread ));
@@ -413,37 +413,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# No MLS restrictions: x_drawable { show hide override }
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.5.12/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/alsa.te 2008-10-10 16:08:15.000000000 -0400
-@@ -48,9 +48,12 @@
-
- files_search_home(alsa_t)
- files_read_etc_files(alsa_t)
-+files_read_usr_files(alsa_t)
-
- auth_use_nsswitch(alsa_t)
-
-+init_use_fds(alsa_t)
-+
- libs_use_ld_so(alsa_t)
- libs_use_shared_libs(alsa_t)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.5.12/policy/modules/admin/amanda.te
---- nsaserefpolicy/policy/modules/admin/amanda.te 2008-08-14 10:07:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/amanda.te 2008-10-10 16:08:15.000000000 -0400
-@@ -129,6 +129,8 @@
- corenet_tcp_bind_all_nodes(amanda_t)
- corenet_udp_bind_all_nodes(amanda_t)
- corenet_tcp_bind_all_rpc_ports(amanda_t)
-+corenet_tcp_bind_generic_port(amanda_t)
-+corenet_dontaudit_tcp_bind_all_ports(amanda_t)
-
- dev_getattr_all_blk_files(amanda_t)
- dev_getattr_all_chr_files(amanda_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.5.12/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/anaconda.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/anaconda.te 2008-10-14 15:00:15.000000000 -0400
@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
@@ -454,7 +426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.5.12/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/certwatch.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/certwatch.te 2008-10-14 15:00:15.000000000 -0400
@@ -27,6 +27,8 @@
fs_list_inotifyfs(certwatch_t)
@@ -466,7 +438,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.5.12/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/consoletype.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/consoletype.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,9 +8,11 @@
type consoletype_t;
@@ -491,8 +463,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
init_use_fds(consoletype_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.12/policy/modules/admin/kismet.te
---- nsaserefpolicy/policy/modules/admin/kismet.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/kismet.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-10-14 11:58:10.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/kismet.te 2008-10-14 15:00:15.000000000 -0400
@@ -28,8 +28,9 @@
allow kismet_t self:capability { net_admin net_raw setuid setgid };
allow kismet_t self:fifo_file rw_file_perms;
@@ -527,7 +499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(kismet_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.5.12/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/logwatch.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/logwatch.te 2008-10-14 15:00:15.000000000 -0400
@@ -54,18 +54,19 @@
domain_read_all_domains_state(logwatch_t)
@@ -557,199 +529,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
samba_read_log(logwatch_t)
+ samba_read_share_files(logwatch_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.12/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/mrtg.te 2008-10-10 16:08:15.000000000 -0400
-@@ -78,6 +78,7 @@
- dev_read_urand(mrtg_t)
-
- domain_use_interactive_fds(mrtg_t)
-+domain_dontaudit_search_all_domains_state(mrtg_t)
-
- files_read_usr_files(mrtg_t)
- files_search_var(mrtg_t)
-@@ -92,6 +93,7 @@
-
- fs_search_auto_mountpoints(mrtg_t)
- fs_getattr_xattr_fs(mrtg_t)
-+fs_list_inotifyfs(mrtg_t)
-
- term_dontaudit_use_console(mrtg_t)
-
-@@ -101,6 +103,8 @@
- init_read_utmp(mrtg_t)
- init_dontaudit_write_utmp(mrtg_t)
-
-+auth_use_nsswitch(mrtg_t)
-+
- libs_read_lib_files(mrtg_t)
- libs_use_ld_so(mrtg_t)
- libs_use_shared_libs(mrtg_t)
-@@ -111,12 +115,10 @@
-
- selinux_dontaudit_getattr_dir(mrtg_t)
-
--# Use the network.
--sysnet_read_config(mrtg_t)
--
- userdom_dontaudit_use_unpriv_user_fds(mrtg_t)
-
- sysadm_use_terms(mrtg_t)
-+sysadm_dontaudit_read_home_content_files(mrtg_t)
-
- ifdef(`enable_mls',`
- corenet_udp_sendrecv_lo_if(mrtg_t)
-@@ -140,14 +142,6 @@
- ')
-
- optional_policy(`
-- nis_use_ypbind(mrtg_t)
--')
--
--optional_policy(`
-- nscd_dontaudit_search_pid(mrtg_t)
--')
--
--optional_policy(`
- seutil_sigchld_newrole(mrtg_t)
- ')
-
-@@ -162,10 +156,3 @@
- optional_policy(`
- udev_read_db(mrtg_t)
- ')
--
--ifdef(`TODO',`
-- # should not need this!
-- dontaudit mrtg_t { staff_home_dir_t sysadm_home_dir_t }:dir { search read getattr };
-- dontaudit mrtg_t { boot_t device_t file_t lost_found_t }:dir getattr;
-- dontaudit mrtg_t root_t:lnk_file getattr;
--')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.5.12/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/netutils.te 2008-10-10 16:08:15.000000000 -0400
-@@ -50,6 +50,7 @@
- files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
-
- kernel_search_proc(netutils_t)
-+kernel_read_sysctl(netutils_t)
-
- corenet_all_recvfrom_unlabeled(netutils_t)
- corenet_all_recvfrom_netlabel(netutils_t)
-@@ -78,6 +79,8 @@
- init_use_fds(netutils_t)
- init_use_script_ptys(netutils_t)
-
-+auth_use_nsswitch(netutils_t)
-+
- libs_use_ld_so(netutils_t)
- libs_use_shared_libs(netutils_t)
-
-@@ -85,8 +88,6 @@
-
- miscfiles_read_localization(netutils_t)
-
--sysnet_read_config(netutils_t)
--
- userdom_use_all_users_fds(netutils_t)
-
- optional_policy(`
-@@ -94,6 +95,10 @@
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-10-14 11:58:10.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/netutils.te 2008-10-14 15:00:15.000000000 -0400
+@@ -149,6 +149,10 @@
')
optional_policy(`
-+ vmware_append_log(netutils_t)
++ munin_append_log(ping_t)
+')
+
+optional_policy(`
- xen_append_log(netutils_t)
- ')
-
-@@ -107,12 +112,14 @@
- allow ping_t self:tcp_socket create_socket_perms;
- allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt };
- allow ping_t self:packet_socket { create ioctl read write bind getopt setopt };
-+allow ping_t self:netlink_route_socket create_netlink_socket_perms;
-
- corenet_all_recvfrom_unlabeled(ping_t)
- corenet_all_recvfrom_netlabel(ping_t)
- corenet_tcp_sendrecv_all_if(ping_t)
- corenet_raw_sendrecv_all_if(ping_t)
- corenet_raw_sendrecv_all_nodes(ping_t)
-+corenet_raw_bind_all_nodes(ping_t)
- corenet_tcp_sendrecv_all_nodes(ping_t)
- corenet_tcp_sendrecv_all_ports(ping_t)
-
-@@ -123,6 +130,8 @@
- files_read_etc_files(ping_t)
- files_dontaudit_search_var(ping_t)
-
-+auth_use_nsswitch(ping_t)
-+
- libs_use_ld_so(ping_t)
- libs_use_shared_libs(ping_t)
-
-@@ -130,9 +139,6 @@
-
- miscfiles_read_localization(ping_t)
-
--sysnet_read_config(ping_t)
--sysnet_dns_name_resolve(ping_t)
--
- ifdef(`hide_broken_symptoms',`
- init_dontaudit_use_fds(ping_t)
- ')
-@@ -143,11 +149,7 @@
- ')
-
- optional_policy(`
-- nis_use_ypbind(ping_t)
--')
--
--optional_policy(`
-- nscd_socket_use(ping_t)
-+ munin_append_log(ping_t)
+ pcmcia_use_cardmgr_fds(ping_t)
')
- optional_policy(`
-@@ -166,7 +168,6 @@
- allow traceroute_t self:capability { net_admin net_raw setuid setgid };
- allow traceroute_t self:rawip_socket create_socket_perms;
- allow traceroute_t self:packet_socket create_socket_perms;
--allow traceroute_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
- allow traceroute_t self:udp_socket create_socket_perms;
-
- kernel_read_system_state(traceroute_t)
-@@ -200,6 +201,8 @@
-
- init_use_fds(traceroute_t)
-
-+auth_use_nsswitch(traceroute_t)
-+
- libs_use_ld_so(traceroute_t)
- libs_use_shared_libs(traceroute_t)
-
-@@ -212,17 +215,7 @@
- dev_read_urand(traceroute_t)
- files_read_usr_files(traceroute_t)
-
--sysnet_read_config(traceroute_t)
--
- tunable_policy(`user_ping',`
- term_use_all_user_ttys(traceroute_t)
- term_use_all_user_ptys(traceroute_t)
- ')
--
--optional_policy(`
-- nis_use_ypbind(traceroute_t)
--')
--
--optional_policy(`
-- nscd_socket_use(traceroute_t)
--')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.5.12/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/prelink.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/prelink.te 2008-10-14 15:00:15.000000000 -0400
@@ -26,7 +26,7 @@
# Local policy
#
@@ -809,7 +605,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.5.12/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/rpm.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/rpm.fc 2008-10-14 15:00:15.000000000 -0400
@@ -11,7 +11,8 @@
/usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -840,7 +636,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_suse', `
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.12/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/rpm.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/rpm.if 2008-10-14 15:00:15.000000000 -0400
@@ -152,6 +152,24 @@
########################################
@@ -1148,7 +944,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.5.12/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/rpm.te 2008-10-10 17:19:04.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/rpm.te 2008-10-14 15:00:15.000000000 -0400
@@ -31,6 +31,9 @@
files_type(rpm_var_lib_t)
typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1291,7 +1087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
java_domtrans(rpm_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.5.12/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/su.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/su.if 2008-10-14 15:00:15.000000000 -0400
@@ -41,15 +41,13 @@
allow $2 $1_su_t:process signal;
@@ -1449,7 +1245,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#######################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.5.12/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/sudo.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/sudo.if 2008-10-14 15:00:15.000000000 -0400
@@ -55,7 +55,7 @@
#
@@ -1564,7 +1360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.5.12/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/tmpreaper.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/tmpreaper.te 2008-10-14 15:00:15.000000000 -0400
@@ -22,12 +22,16 @@
dev_read_urand(tmpreaper_t)
@@ -1611,7 +1407,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.5.12/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/usermanage.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/usermanage.te 2008-10-14 15:00:15.000000000 -0400
@@ -97,6 +97,7 @@
# allow checking if a shell is executable
@@ -1684,7 +1480,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.if serefpolicy-3.5.12/policy/modules/admin/vbetool.if
--- nsaserefpolicy/policy/modules/admin/vbetool.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/vbetool.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/vbetool.if 2008-10-14 15:00:15.000000000 -0400
@@ -18,3 +18,34 @@
corecmd_search_bin($1)
domtrans_pattern($1, vbetool_exec_t, vbetool_t)
@@ -1722,7 +1518,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.5.12/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/vbetool.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/vbetool.te 2008-10-14 15:00:15.000000000 -0400
@@ -23,6 +23,9 @@
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
@@ -1742,41 +1538,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_exec_pid(vbetool_t)
+ xserver_write_pid(vbetool_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.5.12/policy/modules/admin/vpn.fc
---- nsaserefpolicy/policy/modules/admin/vpn.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/vpn.fc 2008-10-10 16:08:15.000000000 -0400
-@@ -6,6 +6,7 @@
- #
- # /usr
- #
-+/usr/bin/openconnect -- gen_context(system_u:object_r:vpnc_exec_t,s0)
- /usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
-
- /var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.5.12/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/admin/vpn.te 2008-10-10 16:08:15.000000000 -0400
-@@ -23,7 +23,7 @@
- #
-
- allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw };
--allow vpnc_t self:process getsched;
-+allow vpnc_t self:process { getsched signal };
- allow vpnc_t self:fifo_file rw_fifo_file_perms;
- allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
- allow vpnc_t self:tcp_socket create_stream_socket_perms;
-@@ -44,7 +44,7 @@
-
- kernel_read_system_state(vpnc_t)
- kernel_read_network_state(vpnc_t)
--kernel_read_kernel_sysctls(vpnc_t)
-+kernel_read_all_sysctls(vpnc_t)
- kernel_rw_net_sysctls(vpnc_t)
-
- corenet_all_recvfrom_unlabeled(vpnc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.5.12/policy/modules/apps/ethereal.fc
--- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/ethereal.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/ethereal.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ROLE_ethereal_home_t,s0)
+HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ethereal_home_t,s0)
@@ -1785,7 +1549,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/tethereal.* -- gen_context(system_u:object_r:tethereal_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.5.12/policy/modules/apps/ethereal.if
--- nsaserefpolicy/policy/modules/apps/ethereal.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/ethereal.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/ethereal.if 2008-10-14 15:00:15.000000000 -0400
@@ -35,6 +35,7 @@
template(`ethereal_per_role_template',`
@@ -1891,7 +1655,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#######################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.5.12/policy/modules/apps/ethereal.te
--- nsaserefpolicy/policy/modules/apps/ethereal.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/ethereal.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/ethereal.te 2008-10-14 15:00:15.000000000 -0400
@@ -16,6 +16,13 @@
type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)
@@ -1908,7 +1672,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Tethereal policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.5.12/policy/modules/apps/games.if
--- nsaserefpolicy/policy/modules/apps/games.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/games.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/games.if 2008-10-14 15:00:15.000000000 -0400
@@ -130,10 +130,10 @@
sysnet_read_config($1_games_t)
@@ -1950,7 +1714,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.5.12/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gnome.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gnome.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,8 +1,10 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
-HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
@@ -1970,7 +1734,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.12/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gnome.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gnome.if 2008-10-14 15:00:15.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
type gconfd_exec_t, gconf_etc_t;
@@ -2220,7 +1984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.5.12/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gnome.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gnome.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,8 +8,34 @@
attribute gnomedomain;
@@ -2261,7 +2025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.5.12/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gpg.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gpg.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,9 +1,9 @@
-HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
+HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
@@ -2278,7 +2042,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.5.12/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gpg.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gpg.if 2008-10-14 15:00:15.000000000 -0400
@@ -37,6 +37,9 @@
template(`gpg_per_role_template',`
gen_require(`
@@ -2617,7 +2381,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.5.12/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/gpg.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/gpg.te 2008-10-14 15:00:15.000000000 -0400
@@ -15,15 +15,253 @@
gen_tunable(gpg_agent_env_file, false)
@@ -2878,7 +2642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.5.12/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/java.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/java.fc 2008-10-14 15:00:15.000000000 -0400
@@ -3,14 +3,15 @@
#
/opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -2912,7 +2676,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.5.12/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/java.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/java.if 2008-10-14 15:00:15.000000000 -0400
@@ -32,7 +32,7 @@
## </summary>
## </param>
@@ -3188,7 +2952,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.5.12/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/java.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/java.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,16 +6,10 @@
# Declarations
#
@@ -3240,13 +3004,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.5.12/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/livecd.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/livecd.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.5.12/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/livecd.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/livecd.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,56 @@
+
+## <summary>policy for livecd</summary>
@@ -3306,7 +3070,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.5.12/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/livecd.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/livecd.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,26 @@
+policy_module(livecd, 1.0.0)
+
@@ -3336,7 +3100,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+seutil_domtrans_setfiles_mac(livecd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.5.12/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/loadkeys.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/loadkeys.te 2008-10-14 15:00:15.000000000 -0400
@@ -32,7 +32,6 @@
term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)
@@ -3355,7 +3119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+sysadm_dontaudit_list_home_dirs(loadkeys_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.5.12/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mono.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mono.if 2008-10-14 15:00:15.000000000 -0400
@@ -21,7 +21,106 @@
########################################
@@ -3475,7 +3239,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_search_bin($1)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.5.12/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mono.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mono.te 2008-10-14 15:00:15.000000000 -0400
@@ -15,7 +15,7 @@
# Local policy
#
@@ -3495,7 +3259,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.5.12/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mozilla.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mozilla.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,8 +1,8 @@
-HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
-HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -3526,7 +3290,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.12/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mozilla.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mozilla.if 2008-10-14 15:00:15.000000000 -0400
@@ -35,7 +35,10 @@
template(`mozilla_per_role_template',`
gen_require(`
@@ -4006,7 +3770,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.5.12/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mozilla.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mozilla.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,15 +6,20 @@
# Declarations
#
@@ -4037,7 +3801,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+typealias mozilla_tmp_t alias user_mozilla_tmp_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.5.12/policy/modules/apps/mplayer.fc
--- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mplayer.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mplayer.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,13 +1,8 @@
#
-# /etc
@@ -4055,7 +3819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.5.12/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mplayer.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mplayer.if 2008-10-14 15:00:15.000000000 -0400
@@ -34,7 +34,8 @@
#
template(`mplayer_per_role_template',`
@@ -4200,7 +3964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.5.12/policy/modules/apps/mplayer.te
--- nsaserefpolicy/policy/modules/apps/mplayer.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/mplayer.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/mplayer.te 2008-10-14 15:00:15.000000000 -0400
@@ -22,3 +22,7 @@
type mplayer_exec_t;
corecmd_executable_file(mplayer_exec_t)
@@ -4211,7 +3975,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.5.12/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,9 @@
+
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
@@ -4224,7 +3988,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.config/totem(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.12/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,290 @@
+
+## <summary>policy for nsplugin</summary>
@@ -4518,7 +4282,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.12/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/nsplugin.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,246 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -4768,14 +4532,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.12/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/openoffice.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/openoffice.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.5.12/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/openoffice.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/openoffice.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,106 @@
+## <summary>Openoffice</summary>
+
@@ -4885,7 +4649,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.5.12/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/openoffice.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/openoffice.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(openoffice, 1.0.0)
@@ -4903,7 +4667,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.5.12/policy/modules/apps/podsleuth.fc
--- nsaserefpolicy/policy/modules/apps/podsleuth.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,2 +1,4 @@
/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
@@ -4911,7 +4675,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.5.12/policy/modules/apps/podsleuth.if
--- nsaserefpolicy/policy/modules/apps/podsleuth.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.if 2008-10-14 15:00:15.000000000 -0400
@@ -16,4 +16,38 @@
')
@@ -4953,7 +4717,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.12/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/podsleuth.te 2008-10-14 15:00:15.000000000 -0400
@@ -11,24 +11,55 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -5014,7 +4778,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dbus_system_bus_client_template(podsleuth, podsleuth_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.5.12/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/qemu.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/qemu.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,2 +1,4 @@
/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -5022,7 +4786,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.5.12/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/qemu.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/qemu.if 2008-10-14 15:00:15.000000000 -0400
@@ -48,6 +48,91 @@
allow qemu_t $3:chr_file rw_file_perms;
')
@@ -5395,7 +5159,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.12/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/qemu.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/qemu.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,6 +6,8 @@
# Declarations
#
@@ -5541,7 +5305,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# qemu_unconfined local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.5.12/policy/modules/apps/screen.fc
--- nsaserefpolicy/policy/modules/apps/screen.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/screen.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/screen.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
#
# /home
@@ -5553,7 +5317,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.5.12/policy/modules/apps/screen.if
--- nsaserefpolicy/policy/modules/apps/screen.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/screen.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/screen.if 2008-10-14 15:00:15.000000000 -0400
@@ -35,6 +35,7 @@
template(`screen_per_role_template',`
gen_require(`
@@ -5608,7 +5372,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls($1_screen_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.5.12/policy/modules/apps/screen.te
--- nsaserefpolicy/policy/modules/apps/screen.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/screen.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/screen.te 2008-10-14 15:00:15.000000000 -0400
@@ -11,3 +11,7 @@
type screen_exec_t;
@@ -5619,7 +5383,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.5.12/policy/modules/apps/thunderbird.fc
--- nsaserefpolicy/policy/modules/apps/thunderbird.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.fc 2008-10-14 15:00:15.000000000 -0400
@@ -3,4 +3,4 @@
#
/usr/bin/thunderbird.* -- gen_context(system_u:object_r:thunderbird_exec_t,s0)
@@ -5628,7 +5392,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.thunderbird(/.*)? gen_context(system_u:object_r:user_thunderbird_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.5.12/policy/modules/apps/thunderbird.if
--- nsaserefpolicy/policy/modules/apps/thunderbird.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.if 2008-10-14 15:00:15.000000000 -0400
@@ -43,9 +43,9 @@
application_domain($1_thunderbird_t, thunderbird_exec_t)
role $3 types $1_thunderbird_t;
@@ -5702,7 +5466,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
',`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.5.12/policy/modules/apps/thunderbird.te
--- nsaserefpolicy/policy/modules/apps/thunderbird.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/thunderbird.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,3 +8,7 @@
type thunderbird_exec_t;
@@ -5713,7 +5477,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.5.12/policy/modules/apps/tvtime.if
--- nsaserefpolicy/policy/modules/apps/tvtime.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/tvtime.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/tvtime.if 2008-10-14 15:00:15.000000000 -0400
@@ -35,6 +35,7 @@
template(`tvtime_per_role_template',`
gen_require(`
@@ -5783,7 +5547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ps_process_pattern($2,$1_tvtime_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.5.12/policy/modules/apps/tvtime.te
--- nsaserefpolicy/policy/modules/apps/tvtime.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/tvtime.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/tvtime.te 2008-10-14 15:00:15.000000000 -0400
@@ -11,3 +11,9 @@
type tvtime_dir_t;
@@ -5796,7 +5560,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+files_tmp_file(user_tvtime_tmp_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.5.12/policy/modules/apps/uml.fc
--- nsaserefpolicy/policy/modules/apps/uml.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/uml.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/uml.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
#
# HOME_DIR/
@@ -5808,7 +5572,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.5.12/policy/modules/apps/vmware.fc
--- nsaserefpolicy/policy/modules/apps/vmware.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/vmware.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/vmware.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,9 +1,9 @@
#
# HOME_DIR/
@@ -5869,7 +5633,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.5.12/policy/modules/apps/vmware.if
--- nsaserefpolicy/policy/modules/apps/vmware.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/vmware.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/vmware.if 2008-10-14 15:00:15.000000000 -0400
@@ -47,11 +47,8 @@
domain_entry_file($1_vmware_t, vmware_exec_t)
role $3 types $1_vmware_t;
@@ -5901,7 +5665,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.5.12/policy/modules/apps/vmware.te
--- nsaserefpolicy/policy/modules/apps/vmware.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/vmware.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/vmware.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,14 +10,14 @@
type vmware_exec_t;
corecmd_executable_file(vmware_exec_t)
@@ -5974,7 +5738,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.5.12/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/wine.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wine.if 2008-10-14 15:00:15.000000000 -0400
@@ -49,3 +49,53 @@
role $2 types wine_t;
allow wine_t $3:chr_file rw_term_perms;
@@ -6031,7 +5795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.5.12/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/wine.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wine.te 2008-10-14 15:00:15.000000000 -0400
@@ -9,6 +9,7 @@
type wine_t;
type wine_exec_t;
@@ -6060,7 +5824,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wireshark.if serefpolicy-3.5.12/policy/modules/apps/wireshark.if
--- nsaserefpolicy/policy/modules/apps/wireshark.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/apps/wireshark.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wireshark.if 2008-10-14 15:00:15.000000000 -0400
@@ -134,7 +134,7 @@
sysnet_read_config($1_wireshark_t)
@@ -6072,14 +5836,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_manage_nfs_dirs($1_wireshark_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.5.12/policy/modules/apps/wm.fc
--- nsaserefpolicy/policy/modules/apps/wm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/wm.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wm.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/openbox -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/metacity -- gen_context(system_u:object_r:wm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.5.12/policy/modules/apps/wm.if
--- nsaserefpolicy/policy/modules/apps/wm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/wm.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wm.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,178 @@
+## <summary>Window Manager.</summary>
+
@@ -6261,7 +6025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.5.12/policy/modules/apps/wm.te
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/apps/wm.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/apps/wm.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,10 @@
+policy_module(wm,0.0.4)
+
@@ -6275,7 +6039,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+wm_domain_template(user,xdm)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.12/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/corecommands.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/corecommands.fc 2008-10-14 15:00:15.000000000 -0400
@@ -129,6 +129,8 @@
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -6315,7 +6079,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/oracle/xe/apps(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.5.12/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/corecommands.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/corecommands.if 2008-10-14 15:00:15.000000000 -0400
@@ -894,6 +894,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -6325,8 +6089,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.12/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/corenetwork.te.in 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-10-14 11:58:07.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/corenetwork.te.in 2008-10-14 15:00:15.000000000 -0400
@@ -93,6 +93,7 @@
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
@@ -6398,7 +6162,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
network_port(xen, tcp,8002,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.5.12/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2008-10-08 21:42:58.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/devices.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/devices.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,7 +1,7 @@
/dev -d gen_context(system_u:object_r:device_t,s0)
@@ -6520,7 +6284,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.5.12/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2008-10-08 21:42:58.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/devices.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/devices.if 2008-10-14 15:00:15.000000000 -0400
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1, device_t, device_node)
@@ -6530,32 +6294,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
relabelfrom_fifo_files_pattern($1, device_t, device_node)
relabelfrom_sock_files_pattern($1, device_t, device_node)
relabel_blk_files_pattern($1,device_t,{ device_t device_node })
-@@ -148,6 +148,24 @@
-
- ########################################
- ## <summary>
-+## Del entries to directories in /dev.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed to add entries.
-+## </summary>
-+## </param>
-+#
-+interface(`dev_del_entry_generic_dirs',`
-+ gen_require(`
-+ type device_t;
-+ ')
-+
-+ allow $1 device_t:dir del_entry_dir_perms;
-+')
-+
-+########################################
-+## <summary>
- ## Create a directory in the device directory.
- ## </summary>
- ## <param name="domain">
-@@ -167,6 +185,25 @@
+@@ -167,6 +167,25 @@
########################################
## <summary>
@@ -6581,7 +6320,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Delete a directory in the device directory.
## </summary>
## <param name="domain">
-@@ -667,6 +704,7 @@
+@@ -667,6 +686,7 @@
')
dontaudit $1 device_node:blk_file getattr;
@@ -6589,7 +6328,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -704,6 +742,7 @@
+@@ -704,6 +724,7 @@
')
dontaudit $1 device_node:chr_file getattr;
@@ -6597,7 +6336,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1160,6 +1199,25 @@
+@@ -1160,6 +1181,25 @@
########################################
## <summary>
@@ -6623,7 +6362,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read the CPU identity.
## </summary>
## <param name="domain">
-@@ -1958,6 +2016,42 @@
+@@ -1958,6 +1998,42 @@
########################################
## <summary>
@@ -6666,7 +6405,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read and write to the null device (/dev/null).
## </summary>
## <param name="domain">
-@@ -2769,6 +2863,24 @@
+@@ -2769,6 +2845,24 @@
########################################
## <summary>
@@ -6691,7 +6430,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read and write generic the USB devices.
## </summary>
## <param name="domain">
-@@ -2787,6 +2899,97 @@
+@@ -2787,6 +2881,97 @@
########################################
## <summary>
@@ -6789,7 +6528,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Mount a usbfs filesystem.
## </summary>
## <param name="domain">
-@@ -3322,3 +3525,223 @@
+@@ -3322,3 +3507,223 @@
typeattribute $1 devices_unconfined_type;
')
@@ -7015,7 +6754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.5.12/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2008-10-08 21:42:58.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/devices.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/devices.te 2008-10-14 15:00:15.000000000 -0400
@@ -32,6 +32,12 @@
type apm_bios_t;
dev_node(apm_bios_t)
@@ -7083,7 +6822,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type power_device_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.5.12/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/domain.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/domain.if 2008-10-14 15:00:15.000000000 -0400
@@ -1247,18 +1247,34 @@
## </summary>
## </param>
@@ -7124,7 +6863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## all protocols (TCP, UDP, etc)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.5.12/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/domain.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/domain.te 2008-10-14 15:00:15.000000000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -7208,7 +6947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+dontaudit can_change_object_identity can_change_object_identity:key link;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.5.12/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/files.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/files.fc 2008-10-14 15:00:15.000000000 -0400
@@ -32,6 +32,7 @@
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/boot/lost\+found/.* <<none>>
@@ -7227,7 +6966,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.12/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/files.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/files.if 2008-10-14 15:00:15.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -7564,8 +7303,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_lnk_files_pattern($1,var_run_t,var_run_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.5.12/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/files.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.te 2008-10-14 11:58:07.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/files.te 2008-10-14 15:00:15.000000000 -0400
@@ -52,11 +52,14 @@
#
# etc_t is the type of the system etc directories.
@@ -7604,7 +7343,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.12/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/filesystem.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/filesystem.if 2008-10-14 15:00:15.000000000 -0400
@@ -535,6 +535,24 @@
########################################
@@ -8038,8 +7777,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dontaudit $1 fusefs_t:file manage_file_perms;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.5.12/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/filesystem.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-10-14 11:58:07.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/filesystem.te 2008-10-14 15:00:15.000000000 -0400
@@ -21,7 +21,6 @@
# Use xattrs for the following filesystem types.
@@ -8078,7 +7817,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.5.12/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/kernel.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/kernel.if 2008-10-14 15:00:15.000000000 -0400
@@ -1198,6 +1198,7 @@
')
@@ -8134,7 +7873,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.5.12/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/kernel.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/kernel.te 2008-10-14 15:00:15.000000000 -0400
@@ -63,6 +63,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -8170,7 +7909,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_default_files(kernel_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.5.12/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/selinux.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/selinux.if 2008-10-14 15:00:15.000000000 -0400
@@ -164,6 +164,7 @@
type security_t;
')
@@ -8262,8 +8001,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ mls_trusted_object($1)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.5.12/policy/modules/kernel/selinux.te
---- nsaserefpolicy/policy/modules/kernel/selinux.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/selinux.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/selinux.te 2008-10-14 11:58:07.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/selinux.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,7 @@
attribute can_setenforce;
attribute can_setsecparam;
@@ -8286,7 +8025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.5.12/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/kernel/terminal.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/terminal.if 2008-10-14 15:00:15.000000000 -0400
@@ -250,9 +250,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -8301,12 +8040,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.12/policy/modules/roles/guest.fc
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/guest.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/guest.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.12/policy/modules/roles/guest.if
--- nsaserefpolicy/policy/modules/roles/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/guest.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/guest.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,161 @@
+## <summary>Least privledge terminal user role</summary>
+
@@ -8471,7 +8210,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.5.12/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/guest.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/guest.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,35 @@
+
+policy_module(guest, 1.0.0)
@@ -8510,12 +8249,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.5.12/policy/modules/roles/logadm.fc
--- nsaserefpolicy/policy/modules/roles/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/logadm.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/logadm.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.5.12/policy/modules/roles/logadm.if
--- nsaserefpolicy/policy/modules/roles/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/logadm.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/logadm.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,44 @@
+## <summary>Audit administrator role</summary>
+
@@ -8563,7 +8302,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.5.12/policy/modules/roles/logadm.te
--- nsaserefpolicy/policy/modules/roles/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/logadm.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/logadm.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,20 @@
+
+policy_module(logadm, 1.0.0)
@@ -8587,7 +8326,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.12/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/roles/staff.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/staff.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,23 +8,55 @@
role staff_r;
@@ -8647,7 +8386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.12/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/roles/sysadm.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/sysadm.if 2008-10-14 15:00:15.000000000 -0400
@@ -334,10 +334,10 @@
#
interface(`sysadm_getattr_home_dirs',`
@@ -8828,7 +8567,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.12/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/roles/sysadm.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/sysadm.te 2008-10-14 15:00:15.000000000 -0400
@@ -171,6 +171,10 @@
')
@@ -8842,7 +8581,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.12/policy/modules/roles/unprivuser.if
--- nsaserefpolicy/policy/modules/roles/unprivuser.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/roles/unprivuser.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/unprivuser.if 2008-10-14 15:00:15.000000000 -0400
@@ -62,6 +62,26 @@
files_home_filetrans($1, user_home_dir_t, dir)
')
@@ -9487,8 +9226,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.5.12/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/roles/unprivuser.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/unprivuser.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,3 +13,19 @@
userdom_unpriv_user_template(user)
@@ -9511,12 +9250,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.5.12/policy/modules/roles/webadm.fc
--- nsaserefpolicy/policy/modules/roles/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/webadm.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/webadm.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1 @@
+# No webadm file contexts.
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.5.12/policy/modules/roles/webadm.if
--- nsaserefpolicy/policy/modules/roles/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/webadm.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/webadm.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,44 @@
+## <summary>Policy for webadm role</summary>
+
@@ -9564,7 +9303,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.5.12/policy/modules/roles/webadm.te
--- nsaserefpolicy/policy/modules/roles/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/webadm.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/webadm.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(webadm, 1.0.0)
@@ -9633,12 +9372,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.5.12/policy/modules/roles/xguest.fc
--- nsaserefpolicy/policy/modules/roles/xguest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/xguest.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/xguest.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.5.12/policy/modules/roles/xguest.if
--- nsaserefpolicy/policy/modules/roles/xguest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/xguest.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/xguest.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,161 @@
+## <summary>Least privledge X Windows user role</summary>
+
@@ -9803,7 +9542,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.5.12/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/roles/xguest.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/roles/xguest.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,82 @@
+
+policy_module(xguest, 1.0.0)
@@ -9889,7 +9628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.5.12/policy/modules/services/aide.if
--- nsaserefpolicy/policy/modules/services/aide.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/aide.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/aide.if 2008-10-14 15:00:15.000000000 -0400
@@ -70,9 +70,11 @@
allow $1 aide_t:process { ptrace signal_perms };
ps_process_pattern($1, aide_t)
@@ -9906,7 +9645,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.12/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-10-03 11:12:14.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/apache.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/apache.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,12 +1,13 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -9990,7 +9729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.5.12/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/apache.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/apache.if 2008-10-14 15:00:15.000000000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -10642,8 +10381,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ typeattribute $1 httpd_rw_content;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.12/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/apache.te 2008-10-10 16:26:16.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apache.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/apache.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@@ -11284,7 +11023,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_lnk_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.5.12/policy/modules/services/arpwatch.fc
--- nsaserefpolicy/policy/modules/services/arpwatch.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/arpwatch.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/arpwatch.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0)
@@ -11292,7 +11031,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.5.12/policy/modules/services/arpwatch.if
--- nsaserefpolicy/policy/modules/services/arpwatch.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/arpwatch.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/arpwatch.if 2008-10-14 15:00:15.000000000 -0400
@@ -90,3 +90,45 @@
dontaudit $1 arpwatch_t:packet_socket { read write };
@@ -11341,7 +11080,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.5.12/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/arpwatch.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/arpwatch.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,6 +13,9 @@
type arpwatch_data_t;
files_type(arpwatch_data_t)
@@ -11354,7 +11093,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.5.12/policy/modules/services/asterisk.fc
--- nsaserefpolicy/policy/modules/services/asterisk.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/asterisk.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/asterisk.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,5 @@
/etc/asterisk(/.*)? gen_context(system_u:object_r:asterisk_etc_t,s0)
+/etc/rc\.d/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_initrc_exec_t,s0)
@@ -11363,7 +11102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.5.12/policy/modules/services/asterisk.if
--- nsaserefpolicy/policy/modules/services/asterisk.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/asterisk.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/asterisk.if 2008-10-14 15:00:15.000000000 -0400
@@ -1 +1,54 @@
## <summary>Asterisk IP telephony server</summary>
+
@@ -11421,7 +11160,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.5.12/policy/modules/services/asterisk.te
--- nsaserefpolicy/policy/modules/services/asterisk.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/asterisk.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/asterisk.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,6 +13,9 @@
type asterisk_etc_t;
files_config_file(asterisk_etc_t)
@@ -11434,7 +11173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.fc serefpolicy-3.5.12/policy/modules/services/audioentropy.fc
--- nsaserefpolicy/policy/modules/services/audioentropy.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/audioentropy.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/audioentropy.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,3 +2,5 @@
# /usr
#
@@ -11443,7 +11182,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-3.5.12/policy/modules/services/audioentropy.te
--- nsaserefpolicy/policy/modules/services/audioentropy.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/audioentropy.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/audioentropy.te 2008-10-14 15:00:15.000000000 -0400
@@ -35,6 +35,7 @@
dev_read_rand(entropyd_t)
dev_write_rand(entropyd_t)
@@ -11453,8 +11192,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.5.12/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/automount.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/automount.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/automount.te 2008-10-14 15:00:15.000000000 -0400
@@ -71,6 +71,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -11482,7 +11221,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.5.12/policy/modules/services/avahi.fc
--- nsaserefpolicy/policy/modules/services/avahi.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/avahi.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/avahi.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,5 +1,9 @@
+/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
@@ -11495,7 +11234,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/avahi-autoipd(/.*) gen_context(system_u:object_r:avahi_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.5.12/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/avahi.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/avahi.if 2008-10-14 15:00:15.000000000 -0400
@@ -2,6 +2,84 @@
########################################
@@ -11622,7 +11361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.5.12/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/avahi.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/avahi.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,12 @@
type avahi_exec_t;
init_daemon_domain(avahi_t, avahi_exec_t)
@@ -11674,7 +11413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.5.12/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bind.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bind.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-/etc/rc.d/init.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -11682,8 +11421,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.5.12/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bind.if 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bind.if 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bind.if 2008-10-14 15:00:15.000000000 -0400
@@ -257,6 +257,25 @@
########################################
@@ -11710,15 +11449,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an bind environment
## </summary>
-@@ -265,11 +284,20 @@
- ## Domain allowed access.
- ## </summary>
+@@ -267,19 +286,18 @@
## </param>
-+## <param name="role">
-+## <summary>
+ ## <param name="role">
+ ## <summary>
+-## Role allowed access.
+-## </summary>
+-## </param>
+-## <param name="terminal">
+-## <summary>
+-## The type of the terminal.
+## The role to be allowed to manage the bind domain.
-+## </summary>
-+## </param>
+ ## </summary>
+ ## </param>
## <rolecap/>
#
interface(`bind_admin',`
@@ -11732,7 +11475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
allow $1 named_t:process { ptrace signal_perms };
-@@ -279,4 +307,28 @@
+@@ -289,4 +307,28 @@
ps_process_pattern($1, ndc_t)
bind_run_ndc($1, $2, $3)
@@ -11762,8 +11505,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, named_var_run_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.12/policy/modules/services/bind.te
---- nsaserefpolicy/policy/modules/services/bind.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bind.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bind.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bind.te 2008-10-14 15:00:15.000000000 -0400
@@ -249,6 +249,8 @@
sysnet_read_config(ndc_t)
sysnet_dns_name_resolve(ndc_t)
@@ -11773,28 +11516,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# for /etc/rndc.key
ifdef(`distro_redhat',`
allow ndc_t named_conf_t:dir search;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.12/policy/modules/services/bitlbee.te
---- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bitlbee.te 2008-10-10 16:08:15.000000000 -0400
-@@ -1,5 +1,5 @@
-
--policy_module(bitlbee, 1.0.2)
-+policy_module(bitlbee, 1.0.1)
-
- ########################################
- #
-@@ -65,7 +65,7 @@
- # and to MSNP (MSN Messenger) servers:
- corenet_tcp_connect_msnp_port(bitlbee_t)
- corenet_tcp_sendrecv_msnp_port(bitlbee_t)
--# MSN can use passport auth, which is over http:
-+
- corenet_tcp_connect_http_port(bitlbee_t)
- corenet_tcp_sendrecv_http_port(bitlbee_t)
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.12/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bluetooth.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bluetooth.fc 2008-10-14 15:00:15.000000000 -0400
@@ -3,6 +3,9 @@
#
/etc/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_conf_t,s0)
@@ -11812,7 +11536,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.5.12/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bluetooth.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bluetooth.if 2008-10-14 15:00:15.000000000 -0400
@@ -226,3 +226,56 @@
dontaudit $1 bluetooth_helper_domain:dir search;
dontaudit $1 bluetooth_helper_domain:file { read getattr };
@@ -11872,7 +11596,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.5.12/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bluetooth.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/bluetooth.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,9 @@
type bluetooth_helper_exec_t;
application_executable_file(bluetooth_helper_exec_t)
@@ -11949,7 +11673,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.5.12/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/clamav.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/clamav.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,20 +1,22 @@
/etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0)
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -11980,7 +11704,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.5.12/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/clamav.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/clamav.if 2008-10-14 15:00:15.000000000 -0400
@@ -38,6 +38,27 @@
########################################
@@ -12099,7 +11823,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.12/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/clamav.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/clamav.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,7 +13,10 @@
# configuration files
@@ -12191,7 +11915,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.5.12/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/consolekit.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/consolekit.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,6 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -12201,7 +11925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.5.12/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/consolekit.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/consolekit.if 2008-10-14 15:00:15.000000000 -0400
@@ -38,3 +38,24 @@
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
@@ -12229,7 +11953,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.5.12/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/consolekit.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/consolekit.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,6 +13,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -12345,7 +12069,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.5.12/policy/modules/services/courier.fc
--- nsaserefpolicy/policy/modules/services/courier.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/courier.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/courier.fc 2008-10-14 15:00:15.000000000 -0400
@@ -19,5 +19,5 @@
/var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_lib_t,s0)
@@ -12354,8 +12078,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
+/var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.5.12/policy/modules/services/courier.te
---- nsaserefpolicy/policy/modules/services/courier.te 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/courier.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/courier.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/courier.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,7 @@
type courier_etc_t;
@@ -12376,7 +12100,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Calendar (PCP) local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.5.12/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cron.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cron.fc 2008-10-14 15:00:15.000000000 -0400
@@ -17,6 +17,8 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -12395,7 +12119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.12/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cron.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cron.if 2008-10-14 15:00:15.000000000 -0400
@@ -35,39 +35,24 @@
#
template(`cron_per_role_template',`
@@ -12747,7 +12471,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.5.12/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cron.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cron.te 2008-10-14 15:00:15.000000000 -0400
@@ -12,14 +12,6 @@
## <desc>
@@ -13021,7 +12745,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.12/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cups.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cups.fc 2008-10-14 15:00:15.000000000 -0400
@@ -8,24 +8,33 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -13090,7 +12814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.5.12/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cups.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cups.if 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,30 @@
########################################
@@ -13217,8 +12941,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.12/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cups.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cups.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cups.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,12 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -13609,139 +13333,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+sysadm_dontaudit_read_home_content_files(cups_pdf_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.5.12/policy/modules/services/cvs.fc
---- nsaserefpolicy/policy/modules/services/cvs.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cvs.fc 2008-10-10 16:08:15.000000000 -0400
-@@ -5,3 +5,6 @@
-
- /var/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
-
-+#CVSWeb file context
-+/usr/share/cvsweb/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
-+/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.5.12/policy/modules/services/cvs.if
---- nsaserefpolicy/policy/modules/services/cvs.if 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cvs.if 2008-10-10 16:08:15.000000000 -0400
-@@ -69,4 +69,13 @@
- domain_system_change_exemption($1)
- role_transition $2 cvs_initrc_exec_t system_r;
- allow $2 system_r;
-+
-+ files_list_tmp($1)
-+ admin_pattern($1, cvs_tmp_t)
-+
-+ admin_pattern($1, cvs_data_t)
-+
-+ files_list_pids($1)
-+ admin_pattern($1, cvs_var_run_t)
- ')
-+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.5.12/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cvs.te 2008-10-10 16:08:15.000000000 -0400
-@@ -99,7 +99,17 @@
- ')
-
- optional_policy(`
-- kerberos_read_keytab(cvs_t)
-+ kerberos_keytab_template(cvs, cvs_t)
- kerberos_read_config(cvs_t)
- kerberos_dontaudit_write_config(cvs_t)
- ')
-+
-+########################################
-+# CVSWeb policy
-+
-+apache_content_template(cvs)
-+
-+read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
-+manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
-+manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
-+files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.5.12/policy/modules/services/cyrus.fc
---- nsaserefpolicy/policy/modules/services/cyrus.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cyrus.fc 2008-10-10 16:08:15.000000000 -0400
-@@ -1,3 +1,4 @@
-+/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0)
-
- /usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.5.12/policy/modules/services/cyrus.if
---- nsaserefpolicy/policy/modules/services/cyrus.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cyrus.if 2008-10-10 16:08:15.000000000 -0400
-@@ -39,3 +39,47 @@
- files_search_var_lib($1)
- stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
- ')
-+
-+########################################
-+## <summary>
-+## All of the rules required to administrate
-+## an cyrus environment
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+## <param name="role">
-+## <summary>
-+## The role to be allowed to manage the cyrus domain.
-+## </summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`cyrus_admin',`
-+ gen_require(`
-+ type cyrus_t, cyrus_tmp_t, cyrus_var_lib_t;
-+ type cyrus_var_run_t;
-+ type cyrus_initrc_exec_t;
-+ ')
-+
-+ allow $1 cyrus_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, cyrus_t)
-+
-+ init_labeled_script_domtrans($1, cyrus_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 cyrus_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ files_list_tmp($1)
-+ admin_pattern($1, cyrus_tmp_t)
-+
-+ files_list_var_lib($1)
-+ admin_pattern($1, cyrus_var_lib_t)
-+
-+ files_list_pids($1)
-+ admin_pattern($1, cyrus_var_run_t)
-+')
-+
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.5.12/policy/modules/services/cyrus.te
---- nsaserefpolicy/policy/modules/services/cyrus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/cyrus.te 2008-10-10 16:08:15.000000000 -0400
-@@ -10,6 +10,9 @@
- type cyrus_exec_t;
- init_daemon_domain(cyrus_t, cyrus_exec_t)
-
-+type cyrus_initrc_exec_t;
-+init_script_file(cyrus_initrc_exec_t)
-+
- type cyrus_tmp_t;
- files_tmp_file(cyrus_tmp_t)
-
-@@ -120,7 +123,7 @@
- ')
-
- optional_policy(`
-- kerberos_use(cyrus_t)
-+ kerberos_keytab_template(cyrus, cyrus_t)
+--- nsaserefpolicy/policy/modules/services/cvs.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/cvs.te 2008-10-14 15:01:34.000000000 -0400
+@@ -115,4 +115,5 @@
+ read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
+ manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
+ manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
++ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
-
- optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.5.12/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dbus.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dbus.fc 2008-10-14 15:00:15.000000000 -0400
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -13754,7 +13357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.12/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dbus.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dbus.if 2008-10-14 15:00:15.000000000 -0400
@@ -53,6 +53,7 @@
gen_require(`
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -14055,7 +13658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.5.12/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dbus.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dbus.te 2008-10-14 15:00:15.000000000 -0400
@@ -9,9 +9,10 @@
#
# Delcarations
@@ -14179,7 +13782,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.5.12/policy/modules/services/dcc.if
--- nsaserefpolicy/policy/modules/services/dcc.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dcc.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dcc.if 2008-10-14 15:00:15.000000000 -0400
@@ -72,6 +72,24 @@
########################################
@@ -14207,7 +13810,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.12/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dcc.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dcc.te 2008-10-14 15:00:15.000000000 -0400
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
@@ -14379,7 +13982,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.5.12/policy/modules/services/dhcp.fc
--- nsaserefpolicy/policy/modules/services/dhcp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dhcp.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dhcp.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/dhcpd -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0)
@@ -14387,7 +13990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.5.12/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dhcp.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dhcp.if 2008-10-14 15:00:15.000000000 -0400
@@ -19,3 +19,63 @@
sysnet_search_dhcp_state($1)
allow $1 dhcpd_state_t:file setattr;
@@ -14454,7 +14057,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.5.12/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dhcp.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dhcp.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,9 @@
type dhcpd_exec_t;
init_daemon_domain(dhcpd_t, dhcpd_exec_t)
@@ -14522,7 +14125,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.5.12/policy/modules/services/dnsmasq.fc
--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,7 @@
+/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0)
+
@@ -14533,7 +14136,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.12/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.if 2008-10-14 15:00:15.000000000 -0400
@@ -1 +1,117 @@
## <summary>dnsmasq DNS forwarder and DHCP server</summary>
+
@@ -14654,7 +14257,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.12/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,9 @@
type dnsmasq_exec_t;
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@@ -14703,7 +14306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.5.12/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dovecot.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dovecot.fc 2008-10-14 15:00:15.000000000 -0400
@@ -6,6 +6,7 @@
/etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0)
@@ -14743,7 +14346,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.5.12/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dovecot.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dovecot.if 2008-10-14 15:00:15.000000000 -0400
@@ -21,7 +21,46 @@
########################################
@@ -14855,7 +14458,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.12/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dovecot.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/dovecot.te 2008-10-14 15:00:15.000000000 -0400
@@ -15,12 +15,21 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -15027,7 +14630,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.5.12/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/exim.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/exim.if 2008-10-14 15:00:15.000000000 -0400
@@ -97,6 +97,26 @@
########################################
@@ -15081,7 +14684,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.5.12/policy/modules/services/exim.te
--- nsaserefpolicy/policy/modules/services/exim.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/exim.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/exim.te 2008-10-14 15:00:15.000000000 -0400
@@ -21,9 +21,20 @@
## </desc>
gen_tunable(exim_manage_user_files, false)
@@ -15251,7 +14854,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.5.12/policy/modules/services/fetchmail.if
--- nsaserefpolicy/policy/modules/services/fetchmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/fetchmail.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/fetchmail.if 2008-10-14 15:00:15.000000000 -0400
@@ -21,10 +21,10 @@
ps_process_pattern($1, fetchmail_t)
@@ -15267,8 +14870,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, fetchmail_var_run_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.5.12/policy/modules/services/fetchmail.te
---- nsaserefpolicy/policy/modules/services/fetchmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/fetchmail.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/fetchmail.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/fetchmail.te 2008-10-14 15:00:15.000000000 -0400
@@ -91,6 +91,10 @@
')
@@ -15281,8 +14884,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.12/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-08 19:00:26.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ftp.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ftp.te 2008-10-14 15:00:15.000000000 -0400
@@ -226,6 +226,11 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
@@ -15323,13 +14926,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.5.12/policy/modules/services/gamin.fc
--- nsaserefpolicy/policy/modules/services/gamin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gamin.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gamin.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/libexec/gam_server -- gen_context(system_u:object_r:gamin_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.5.12/policy/modules/services/gamin.if
--- nsaserefpolicy/policy/modules/services/gamin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gamin.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gamin.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,57 @@
+
+## <summary>policy for gamin</summary>
@@ -15390,7 +14993,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.5.12/policy/modules/services/gamin.te
--- nsaserefpolicy/policy/modules/services/gamin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gamin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gamin.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,39 @@
+policy_module(gamin, 1.0.0)
+
@@ -15433,14 +15036,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.5.12/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.5.12/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,75 @@
+
+## <summary>policy for gnomeclock</summary>
@@ -15519,7 +15122,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.5.12/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/gnomeclock.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,55 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -15578,7 +15181,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.5.12/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/hal.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/hal.fc 2008-10-14 15:00:15.000000000 -0400
@@ -9,6 +9,7 @@
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
@@ -15598,7 +15201,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.5.12/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/hal.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/hal.if 2008-10-14 15:00:15.000000000 -0400
@@ -302,3 +302,42 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
@@ -15644,7 +15247,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.12/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/hal.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/hal.te 2008-10-14 15:00:15.000000000 -0400
@@ -49,6 +49,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -15755,7 +15358,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+cron_read_system_job_lib_files(hald_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.5.12/policy/modules/services/inetd.fc
--- nsaserefpolicy/policy/modules/services/inetd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/inetd.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/inetd.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,6 +1,8 @@
/usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
@@ -15766,8 +15369,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.5.12/policy/modules/services/inetd.te
---- nsaserefpolicy/policy/modules/services/inetd.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/inetd.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/inetd.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/inetd.te 2008-10-14 15:00:15.000000000 -0400
@@ -136,6 +136,7 @@
domain_use_interactive_fds(inetd_t)
@@ -15785,8 +15388,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(inetd_child_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.12/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/kerberos.te 2008-10-10 16:08:56.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/kerberos.te 2008-10-14 15:00:15.000000000 -0400
@@ -298,6 +298,7 @@
corenet_tcp_sendrecv_all_nodes(kpropd_t)
corenet_tcp_sendrecv_all_ports(kpropd_t)
@@ -15795,75 +15398,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.5.12/policy/modules/services/kerneloops.fc
---- nsaserefpolicy/policy/modules/services/kerneloops.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/kerneloops.fc 2008-10-10 16:08:15.000000000 -0400
-@@ -1 +1,3 @@
-+/etc/rc\.d/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0)
-+
- /usr/sbin/kerneloops -- gen_context(system_u:object_r:kerneloops_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.5.12/policy/modules/services/kerneloops.if
---- nsaserefpolicy/policy/modules/services/kerneloops.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/kerneloops.if 2008-10-10 16:08:15.000000000 -0400
-@@ -71,13 +71,25 @@
- ## Domain allowed access.
- ## </summary>
- ## </param>
-+## <param name="role">
-+## <summary>
-+## The role to be allowed to manage the kerneloops domain.
-+## </summary>
-+## </param>
- ## <rolecap/>
- #
- interface(`kerneloops_admin',`
- gen_require(`
- type kerneloops_t;
-+ type kerneloops_initrc_exec_t;
- ')
-
- allow $1 kerneloops_t:process { ptrace signal_perms };
- ps_process_pattern($1, kerneloops_t)
-+
-+ init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 kerneloops_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
- ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.5.12/policy/modules/services/kerneloops.te
---- nsaserefpolicy/policy/modules/services/kerneloops.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/kerneloops.te 2008-10-10 16:08:15.000000000 -0400
-@@ -10,13 +10,16 @@
- type kerneloops_exec_t;
- init_daemon_domain(kerneloops_t, kerneloops_exec_t)
-
-+type kerneloops_initrc_exec_t;
-+init_script_file(kerneloops_initrc_exec_t)
-+
- ########################################
- #
- # kerneloops local policy
- #
-
- allow kerneloops_t self:capability sys_nice;
--allow kerneloops_t self:process { setsched getsched };
-+allow kerneloops_t self:process { setsched getsched signal };
- allow kerneloops_t self:fifo_file rw_file_perms;
-
- kernel_read_ring_buffer(kerneloops_t)
-@@ -24,6 +27,8 @@
- # Init script handling
- domain_use_interactive_fds(kerneloops_t)
-
-+allow kerneloops_t self:netlink_route_socket r_netlink_socket_perms;
-+
- corenet_all_recvfrom_unlabeled(kerneloops_t)
- corenet_all_recvfrom_netlabel(kerneloops_t)
- corenet_tcp_sendrecv_all_if(kerneloops_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.5.12/policy/modules/services/ldap.te
---- nsaserefpolicy/policy/modules/services/ldap.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ldap.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ldap.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ldap.te 2008-10-14 15:00:15.000000000 -0400
@@ -121,7 +121,7 @@
sysadm_dontaudit_search_home_dirs(slapd_t)
@@ -15875,7 +15412,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.5.12/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/lpd.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/lpd.fc 2008-10-14 15:00:15.000000000 -0400
@@ -22,11 +22,14 @@
/usr/sbin/lpinfo -- gen_context(system_u:object_r:lpr_exec_t,s0)
/usr/sbin/lpmove -- gen_context(system_u:object_r:lpr_exec_t,s0)
@@ -15893,7 +15430,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.5.12/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mailman.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailman.fc 2008-10-14 15:00:15.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
@@ -15901,7 +15438,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.12/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mailman.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailman.if 2008-10-14 15:00:15.000000000 -0400
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -15951,7 +15488,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.5.12/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mailman.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailman.te 2008-10-14 15:00:15.000000000 -0400
@@ -53,10 +53,9 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -16007,13 +15544,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.5.12/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/mailscanner.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailscanner.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,2 @@
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.5.12/policy/modules/services/mailscanner.if
--- nsaserefpolicy/policy/modules/services/mailscanner.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/mailscanner.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailscanner.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,59 @@
+## <summary>Anti-Virus and Anti-Spam Filter</summary>
+
@@ -16076,25 +15613,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.5.12/policy/modules/services/mailscanner.te
--- nsaserefpolicy/policy/modules/services/mailscanner.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/mailscanner.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mailscanner.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,5 @@
+
+policy_module(mailscanner, 1.0.0)
+
+type mailscanner_spool_t;
+files_type(mailscanner_spool_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.5.12/policy/modules/services/memcached.te
---- nsaserefpolicy/policy/modules/services/memcached.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/memcached.te 2008-10-10 16:08:15.000000000 -0400
-@@ -50,3 +50,5 @@
- miscfiles_read_localization(memcached_t)
-
- sysnet_dns_name_resolve(memcached_t)
-+
-+permissive memcached_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.5.12/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mta.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mta.fc 2008-10-14 15:00:15.000000000 -0400
@@ -22,7 +22,3 @@
/var/spool/imap(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
@@ -16104,8 +15632,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
-#')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.5.12/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mta.if 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.if 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mta.if 2008-10-14 15:06:51.000000000 -0400
@@ -133,6 +133,15 @@
sendmail_create_log($1_mail_t)
')
@@ -16122,24 +15650,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#######################################
-@@ -199,7 +208,7 @@
- userdom_use_user_terminals($1, mta_user_agent)
- # Create dead.letter in user home directories.
- userdom_manage_user_home_content_files($1, $1_mail_t)
-- userdom_user_home_dir_filetrans_user_home_content($1, $1_mail_t, file)
-+ unprivuser_home_dir_filetrans_home_content($1_mail_t, file)
- # for reading .forward - maybe we need a new type for it?
- # also for delivering mail to maildir
- userdom_manage_user_home_content_dirs($1, mailserver_delivery)
-@@ -207,7 +216,7 @@
- userdom_manage_user_home_content_symlinks($1, mailserver_delivery)
- userdom_manage_user_home_content_pipes($1, mailserver_delivery)
- userdom_manage_user_home_content_sockets($1, mailserver_delivery)
-- userdom_user_home_dir_filetrans_user_home_content($1, mailserver_delivery, { dir file lnk_file fifo_file sock_file })
-+ unprivuser_home_dir_filetrans_home_content(mailserver_delivery, { dir file lnk_file fifo_file sock_file })
- # Read user temporary files.
- userdom_read_user_tmp_files($1, $1_mail_t)
- userdom_dontaudit_append_user_tmp_files($1, $1_mail_t)
@@ -220,6 +229,11 @@
fs_manage_cifs_symlinks($1_mail_t)
')
@@ -16174,33 +15684,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
')
-@@ -622,6 +639,25 @@
- files_search_etc($1)
- allow $1 etc_aliases_t:file { rw_file_perms setattr };
- ')
-+########################################
-+## <summary>
-+## manage mail aliases.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`mta_manage_aliases',`
-+ gen_require(`
-+ type etc_aliases_t;
-+ ')
-+
-+ files_search_etc($1)
-+ allow $1 etc_aliases_t:file manage_file_perms;
-+')
-
- #######################################
- ## <summary>
-@@ -873,6 +909,25 @@
+@@ -893,6 +911,25 @@
########################################
## <summary>
@@ -16227,8 +15711,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## mail queue files.
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.5.12/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mta.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mta.te 2008-10-14 15:00:15.000000000 -0400
@@ -39,34 +39,50 @@
#
@@ -16363,7 +15847,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
arpwatch_search_data(mailserver_delivery)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.5.12/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/munin.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/munin.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -16383,7 +15867,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.5.12/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/munin.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/munin.if 2008-10-14 15:00:15.000000000 -0400
@@ -80,3 +80,76 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -16463,7 +15947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.5.12/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/munin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/munin.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -16593,7 +16077,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.5.12/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mysql.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mysql.fc 2008-10-14 15:00:15.000000000 -0400
@@ -5,6 +5,7 @@
#
/etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0)
@@ -16604,7 +16088,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.5.12/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mysql.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mysql.if 2008-10-14 15:00:15.000000000 -0400
@@ -53,9 +53,11 @@
interface(`mysql_stream_connect',`
gen_require(`
@@ -16666,8 +16150,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, mysqld_tmp_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.5.12/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/mysql.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mysql.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/mysql.te 2008-10-14 15:00:15.000000000 -0400
@@ -19,6 +19,9 @@
type mysqld_etc_t alias etc_mysqld_t;
files_config_file(mysqld_etc_t)
@@ -16698,7 +16182,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.5.12/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nagios.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nagios.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -16725,7 +16209,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.5.12/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nagios.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nagios.if 2008-10-14 15:00:15.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -16808,7 +16292,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.5.12/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nagios.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nagios.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -16909,7 +16393,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.5.12/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/networkmanager.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/networkmanager.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,8 +1,12 @@
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
+
@@ -16930,7 +16414,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.12/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/networkmanager.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/networkmanager.if 2008-10-14 15:00:15.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -16957,8 +16441,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.12/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/networkmanager.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/networkmanager.te 2008-10-14 15:00:15.000000000 -0400
@@ -33,9 +33,9 @@
# networkmanager will ptrace itself if gdb is installed
@@ -17155,7 +16639,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+term_dontaudit_use_console(wpa_cli_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.5.12/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nis.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nis.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,9 +1,13 @@
+/etc/rc\.d/init\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0)
@@ -17172,7 +16656,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.12/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nis.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nis.if 2008-10-14 15:00:15.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -17305,7 +16789,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.5.12/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nis.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nis.te 2008-10-14 15:00:15.000000000 -0400
@@ -44,6 +44,9 @@
type ypxfr_exec_t;
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
@@ -17376,7 +16860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_all_ports(ypxfr_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.5.12/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nscd.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nscd.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
@@ -17384,7 +16868,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.5.12/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nscd.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nscd.if 2008-10-14 15:00:15.000000000 -0400
@@ -70,15 +70,14 @@
interface(`nscd_socket_use',`
gen_require(`
@@ -17466,7 +16950,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.5.12/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nscd.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/nscd.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -17565,8 +17049,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ samba_read_var_files(nscd_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.5.12/policy/modules/services/ntp.if
---- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ntp.if 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ntp.if 2008-10-14 15:00:15.000000000 -0400
@@ -56,6 +56,24 @@
########################################
@@ -17593,8 +17077,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## an ntp environment
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.5.12/policy/modules/services/ntp.te
---- nsaserefpolicy/policy/modules/services/ntp.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ntp.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ntp.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ntp.te 2008-10-14 15:00:15.000000000 -0400
@@ -42,6 +42,7 @@
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
@@ -17614,7 +17098,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.5.12/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/oddjob.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/oddjob.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -17623,7 +17107,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.5.12/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/oddjob.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/oddjob.if 2008-10-14 15:00:15.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -17669,7 +17153,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.5.12/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/oddjob.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/oddjob.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -17730,8 +17214,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
unprivuser_home_filetrans_home_dir(oddjob_mkhomedir_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.5.12/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/openvpn.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/openvpn.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/openvpn.te 2008-10-14 15:00:15.000000000 -0400
@@ -117,3 +117,11 @@
networkmanager_dbus_chat(openvpn_t)
@@ -17746,7 +17230,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.5.12/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/pads.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pads.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -17762,7 +17246,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.5.12/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/pads.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pads.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,10 @@
+## <summary>SELinux policy for PADS daemon.</summary>
+## <desc>
@@ -17776,7 +17260,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.5.12/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/pads.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pads.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,68 @@
+
+policy_module(pads, 0.0.1)
@@ -17848,7 +17332,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.5.12/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/pcscd.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pcscd.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,7 @@
type pcscd_exec_t;
domain_type(pcscd_t)
@@ -17874,7 +17358,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
openct_signull(pcscd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.5.12/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/pegasus.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pegasus.te 2008-10-14 15:00:15.000000000 -0400
@@ -66,6 +66,7 @@
kernel_read_system_state(pegasus_t)
kernel_search_vm_sysctl(pegasus_t)
@@ -17909,7 +17393,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_use_unpriv_user_fds(pegasus_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.5.12/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/polkit.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/polkit.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,9 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -17922,7 +17406,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.5.12/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/polkit.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/polkit.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,213 @@
+
+## <summary>policy for polkit_auth</summary>
@@ -18139,7 +17623,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.5.12/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/polkit.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/polkit.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,231 @@
+policy_module(polkit_auth, 1.0.0)
+
@@ -18374,7 +17858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.5.12/policy/modules/services/portmap.te
--- nsaserefpolicy/policy/modules/services/portmap.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/portmap.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/portmap.te 2008-10-14 15:00:15.000000000 -0400
@@ -41,6 +41,7 @@
manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
files_pid_filetrans(portmap_t, portmap_var_run_t, file)
@@ -18383,9 +17867,157 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls(portmap_t)
kernel_list_proc(portmap_t)
kernel_read_proc_symlinks(portmap_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.5.12/policy/modules/services/portreserve.fc
+--- nsaserefpolicy/policy/modules/services/portreserve.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.12/policy/modules/services/portreserve.fc 2008-10-14 15:00:15.000000000 -0400
+@@ -0,0 +1,12 @@
++# portreserve executable will have:
++# label: system_u:object_r:portreserve_exec_t
++# MLS sensitivity: s0
++# MCS categories: <none>
++
++#exec
++/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
++
++/var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0)
++
++/etc/portreserve(/.*)? gen_context(system_u:object_r:portreserve_etc_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.5.12/policy/modules/services/portreserve.if
+--- nsaserefpolicy/policy/modules/services/portreserve.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.12/policy/modules/services/portreserve.if 2008-10-14 15:00:15.000000000 -0400
+@@ -0,0 +1,70 @@
++## <summary>policy for portreserve</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run portreserve.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`portreserve_domtrans',`
++ gen_require(`
++ type portreserve_t, portreserve_exec_t;
++ ')
++
++ domain_auto_trans($1,portreserve_exec_t,portreserve_t)
++
++ allow portreserve_t $1:fd use;
++ allow portreserve_t $1:fifo_file rw_file_perms;
++ allow portreserve_t $1:process sigchld;
++')
++
++#######################################
++## <summary>
++## Allow the specified domain to read
++## portreserve etcuration files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++##
++#
++interface(`portreserve_read_etc',`
++ gen_require(`
++ type portreserve_etc_t;
++ ')
++
++ files_search_etc($1)
++ allow $1 portreserve_etc_t:dir list_dir_perms;
++ read_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
++ read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
++')
++
++#######################################
++## <summary>
++## Allow the specified domain to manage
++## portreserve etcuration files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++##
++#
++interface(`portreserve_manage_etc',`
++ gen_require(`
++ type portreserve_etc_t;
++ ')
++
++ files_search_etc($1)
++ manage_dirs_pattern($1, portreserve_etc_t, portreserve_etc_t)
++ manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
++ read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.5.12/policy/modules/services/portreserve.te
+--- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.12/policy/modules/services/portreserve.te 2008-10-14 15:00:15.000000000 -0400
+@@ -0,0 +1,54 @@
++policy_module(portreserve,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type portreserve_t;
++type portreserve_exec_t;
++init_daemon_domain(portreserve_t, portreserve_exec_t)
++
++type portreserve_etc_t;
++files_type(portreserve_etc_t)
++
++type portreserve_var_run_t;
++files_pid_file(portreserve_var_run_t)
++
++########################################
++#
++# Portreserve local policy
++#
++allow portreserve_t self:fifo_file rw_fifo_file_perms;
++allow portreserve_t self:unix_stream_socket create_stream_socket_perms;
++allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto };
++allow portreserve_t self:tcp_socket create_socket_perms;
++allow portreserve_t self:udp_socket create_socket_perms;
++
++# Read etc files
++list_dirs_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
++read_files_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
++
++# Manage /var/run/portreserve/*
++manage_dirs_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
++manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
++manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
++files_pid_filetrans(portreserve_t,portreserve_var_run_t, { file sock_file })
++
++## Networking basics
++corenet_tcp_bind_all_ports(portreserve_t)
++corenet_tcp_bind_all_ports(portreserve_t)
++corenet_udp_bind_all_nodes(portreserve_t)
++corenet_udp_bind_all_ports(portreserve_t)
++corenet_tcp_bind_inaddr_any_node(portreserve_t)
++corenet_udp_bind_inaddr_any_node(portreserve_t)
++
++files_read_etc_files(portreserve_t)
++
++libs_use_ld_so(portreserve_t)
++libs_use_shared_libs(portreserve_t)
++
++# Init script handling
++#init_use_fds(portreserve_t)
++#init_use_script_ptys(portreserve_t)
++#domain_use_interactive_fds(portreserve_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.5.12/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postfix.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postfix.fc 2008-10-14 15:00:15.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -18399,20 +18031,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
-@@ -43,9 +41,7 @@
- /usr/sbin/postmap -- gen_context(system_u:object_r:postfix_map_exec_t,s0)
- /usr/sbin/postqueue -- gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
- /usr/sbin/postsuper -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
--
--/var/lib/postfix(/.*)? gen_context(system_u:object_r:postfix_data_t,s0)
--
-+/var/lib/postfix(/.*)? gen_context(system_u:object_r:postfix_var_lib_t,s0)
- /var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
- /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
- /var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.5.12/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postfix.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postfix.if 2008-10-14 15:00:15.000000000 -0400
@@ -211,9 +211,8 @@
type postfix_etc_t;
')
@@ -18511,8 +18132,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.12/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postfix.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postfix.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postfix.te 2008-10-14 15:10:49.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -18558,24 +18179,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type postfix_map_tmp_t;
files_tmp_file(postfix_map_tmp_t)
-@@ -80,13 +95,12 @@
- type postfix_public_t;
- files_type(postfix_public_t)
-
-+type postfix_var_lib_t;
-+files_type(postfix_var_lib_t)
-+
- type postfix_var_run_t;
- files_pid_file(postfix_var_run_t)
-
--# the data_directory config parameter
--type postfix_data_t;
--files_type(postfix_data_t)
--
- postfix_server_domain_template(virtual)
- mta_mailserver_delivery(postfix_virtual_t)
-
-@@ -103,14 +117,12 @@
+@@ -103,6 +118,7 @@
allow postfix_master_t self:fifo_file rw_fifo_file_perms;
allow postfix_master_t self:tcp_socket create_stream_socket_perms;
allow postfix_master_t self:udp_socket create_socket_perms;
@@ -18583,25 +18187,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow postfix_master_t postfix_etc_t:file rw_file_perms;
- can_exec(postfix_master_t,postfix_exec_t)
-
--allow postfix_master_t postfix_data_t:dir manage_dir_perms;
--allow postfix_master_t postfix_data_t:file manage_file_perms;
--
- allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
-
- allow postfix_master_t postfix_postdrop_exec_t:file getattr;
-@@ -129,6 +141,10 @@
-
- domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
-
-+manage_dirs_pattern(postfix_master_t, postfix_var_lib_t, postfix_var_lib_t)
-+manage_files_pattern(postfix_master_t, postfix_var_lib_t, postfix_var_lib_t)
-+files_search_var_lib(postfix_master_t)
-+
- # allow access to deferred queue and allow removing bogus incoming entries
- manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
- manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
@@ -142,6 +158,7 @@
delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
@@ -18610,25 +18195,35 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_all_sysctls(postfix_master_t)
-@@ -181,12 +198,17 @@
+@@ -170,6 +187,7 @@
+ domain_use_interactive_fds(postfix_master_t)
+
+ files_read_usr_files(postfix_master_t)
++files_search_var_lib(postfix_master_t)
+
+ term_dontaudit_search_ptys(postfix_master_t)
+
+@@ -181,15 +199,14 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
+mta_getattr_spool(postfix_master_t)
- optional_policy(`
- cyrus_stream_connect(postfix_master_t)
+-ifdef(`distro_redhat',`
+- # for newer main.cf that uses /etc/aliases
+- mta_manage_aliases(postfix_master_t)
+- mta_etc_filetrans_aliases(postfix_master_t)
++optional_policy(`
++ cyrus_stream_connect(postfix_master_t)
')
optional_policy(`
+- cyrus_stream_connect(postfix_master_t)
+ kerberos_keytab_template(postfix, postfix_t)
-+')
-+
-+optional_policy(`
- # for postalias
- mailman_manage_data_files(postfix_master_t)
')
-@@ -196,6 +218,10 @@
+
+ optional_policy(`
+@@ -202,9 +219,29 @@
')
optional_policy(`
@@ -18639,7 +18234,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sendmail_signal(postfix_master_t)
')
-@@ -255,6 +281,10 @@
++###########################################################
++#
++# Partially converted rules. THESE ARE ONLY TEMPORARY
++#
++
++ifdef(`distro_redhat',`
++ # for newer main.cf that uses /etc/aliases
++ allow postfix_master_t etc_aliases_t:dir manage_dir_perms;
++ allow postfix_master_t etc_aliases_t:file manage_file_perms;
++ allow postfix_master_t etc_aliases_t:lnk_file manage_lnk_file_perms;
++ mta_etc_filetrans_aliases(postfix_master_t)
++ filetrans_pattern(postfix_master_t, postfix_etc_t, etc_aliases_t, { dir file lnk_file })
++')
++
++# end partially converted rules
++
+ ########################################
+ #
+ # Postfix bounce local policy
+@@ -245,6 +282,10 @@
corecmd_exec_bin(postfix_cleanup_t)
@@ -18650,7 +18264,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Postfix local local policy
-@@ -280,18 +310,25 @@
+@@ -270,18 +311,25 @@
files_read_etc_files(postfix_local_t)
@@ -18676,7 +18290,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -302,8 +339,7 @@
+@@ -292,8 +340,7 @@
#
# Postfix map local policy
#
@@ -18686,7 +18300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
allow postfix_map_t self:unix_dgram_socket create_socket_perms;
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
-@@ -353,8 +389,6 @@
+@@ -343,8 +390,6 @@
miscfiles_read_localization(postfix_map_t)
@@ -18695,7 +18309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`read_default_t',`
files_list_default(postfix_map_t)
files_read_default_files(postfix_map_t)
-@@ -367,6 +401,11 @@
+@@ -357,6 +402,11 @@
locallogin_dontaudit_use_fds(postfix_map_t)
')
@@ -18707,7 +18321,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Postfix pickup local policy
-@@ -391,6 +430,7 @@
+@@ -381,6 +431,7 @@
#
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
@@ -18715,7 +18329,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
-@@ -398,6 +438,12 @@
+@@ -388,6 +439,12 @@
rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
@@ -18728,7 +18342,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
procmail_domtrans(postfix_pipe_t)
')
-@@ -407,6 +453,14 @@
+@@ -397,6 +454,14 @@
')
optional_policy(`
@@ -18743,7 +18357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
uucp_domtrans_uux(postfix_pipe_t)
')
-@@ -443,8 +497,11 @@
+@@ -433,8 +498,11 @@
')
optional_policy(`
@@ -18757,7 +18371,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#######################################
-@@ -470,6 +527,15 @@
+@@ -460,6 +528,15 @@
init_sigchld_script(postfix_postqueue_t)
init_use_script_fds(postfix_postqueue_t)
@@ -18773,7 +18387,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Postfix qmgr local policy
-@@ -553,6 +619,10 @@
+@@ -543,6 +620,10 @@
mta_read_aliases(postfix_smtpd_t)
optional_policy(`
@@ -18784,7 +18398,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mailman_read_data_files(postfix_smtpd_t)
')
-@@ -579,7 +649,7 @@
+@@ -569,7 +650,7 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -18795,7 +18409,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(postfix_virtual_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.5.12/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgresql.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgresql.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,6 +2,7 @@
# /etc
#
@@ -18806,7 +18420,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.5.12/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgresql.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgresql.if 2008-10-14 15:00:15.000000000 -0400
@@ -372,3 +372,46 @@
typeattribute $1 sepgsql_unconfined_type;
@@ -18855,8 +18469,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, postgresql_tmp_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.5.12/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgresql.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postgresql.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgresql.te 2008-10-14 15:00:15.000000000 -0400
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -18896,7 +18510,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.5.12/policy/modules/services/postgrey.fc
--- nsaserefpolicy/policy/modules/services/postgrey.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgrey.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgrey.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,5 +1,7 @@
/etc/postgrey(/.*)? gen_context(system_u:object_r:postgrey_etc_t,s0)
@@ -18913,7 +18527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.12/policy/modules/services/postgrey.if
--- nsaserefpolicy/policy/modules/services/postgrey.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgrey.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgrey.if 2008-10-14 15:00:15.000000000 -0400
@@ -12,10 +12,73 @@
#
interface(`postgrey_stream_connect',`
@@ -18992,7 +18606,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.5.12/policy/modules/services/postgrey.te
--- nsaserefpolicy/policy/modules/services/postgrey.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/postgrey.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/postgrey.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,6 +13,12 @@
type postgrey_etc_t;
files_config_file(postgrey_etc_t)
@@ -19043,7 +18657,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.5.12/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ppp.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ppp.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,8 +1,6 @@
#
# /etc
@@ -19067,7 +18681,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /sbin
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.5.12/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ppp.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ppp.if 2008-10-14 15:00:15.000000000 -0400
@@ -58,6 +58,25 @@
########################################
@@ -19172,8 +18786,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, pptp_var_run_t, pptp_var_run_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.5.12/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ppp.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ppp.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ppp.te 2008-10-14 15:00:15.000000000 -0400
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -19277,7 +18891,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.5.12/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/prelude.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/prelude.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,9 @@
+/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
+
@@ -19306,7 +18920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.5.12/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/prelude.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/prelude.if 2008-10-14 15:00:15.000000000 -0400
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -19421,7 +19035,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.12/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/prelude.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/prelude.te 2008-10-14 15:00:15.000000000 -0400
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -19686,7 +19300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mysql_search_db(httpd_prewikka_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.5.12/policy/modules/services/privoxy.fc
--- nsaserefpolicy/policy/modules/services/privoxy.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/privoxy.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/privoxy.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,5 +1,7 @@
/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -19697,7 +19311,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.5.12/policy/modules/services/privoxy.if
--- nsaserefpolicy/policy/modules/services/privoxy.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/privoxy.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/privoxy.if 2008-10-14 15:00:15.000000000 -0400
@@ -16,17 +16,23 @@
gen_require(`
type privoxy_t, privoxy_log_t;
@@ -19727,7 +19341,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.5.12/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/privoxy.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/privoxy.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,9 @@
type privoxy_exec_t;
init_daemon_domain(privoxy_t, privoxy_exec_t)
@@ -19748,7 +19362,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_sendrecv_http_cache_server_packets(privoxy_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.5.12/policy/modules/services/procmail.fc
--- nsaserefpolicy/policy/modules/services/procmail.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/procmail.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/procmail.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,2 +1,5 @@
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
@@ -19757,7 +19371,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.5.12/policy/modules/services/procmail.if
--- nsaserefpolicy/policy/modules/services/procmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/procmail.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/procmail.if 2008-10-14 15:00:15.000000000 -0400
@@ -39,3 +39,41 @@
corecmd_search_bin($1)
can_exec($1, procmail_exec_t)
@@ -19802,7 +19416,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.5.12/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/procmail.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/procmail.te 2008-10-14 15:00:15.000000000 -0400
@@ -14,6 +14,10 @@
type procmail_tmp_t;
files_tmp_file(procmail_tmp_t)
@@ -19882,7 +19496,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.5.12/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/pyzor.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pyzor.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,6 +1,8 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -19895,7 +19509,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.5.12/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/pyzor.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pyzor.if 2008-10-14 15:00:15.000000000 -0400
@@ -25,16 +25,16 @@
#
template(`pyzor_per_role_template',`
@@ -19973,7 +19587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.5.12/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/pyzor.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/pyzor.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,6 +6,37 @@
# Declarations
#
@@ -20060,8 +19674,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.5.12/policy/modules/services/qmail.te
---- nsaserefpolicy/policy/modules/services/qmail.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/qmail.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/qmail.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/qmail.te 2008-10-14 15:00:15.000000000 -0400
@@ -124,6 +124,10 @@
qmail_domtrans_queue(qmail_local_t)
@@ -20084,21 +19698,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ucspitcp_service_domain(qmail_smtpd_t, qmail_smtpd_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.5.12/policy/modules/services/radius.fc
---- nsaserefpolicy/policy/modules/services/radius.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/radius.fc 2008-10-10 16:08:15.000000000 -0400
-@@ -1,7 +1,7 @@
-
- /etc/cron\.(daily|monthly)/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)
- /etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)
--/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
-+/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radius_initrc_exec_t,s0)
-
- /etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
- /etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.5.12/policy/modules/services/radius.te
---- nsaserefpolicy/policy/modules/services/radius.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/radius.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/radius.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/radius.te 2008-10-14 15:00:15.000000000 -0400
@@ -59,8 +59,9 @@
manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
@@ -20112,7 +19714,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(radiusd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.5.12/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/razor.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/razor.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0)
+HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
@@ -20121,7 +19723,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.5.12/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/razor.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/razor.if 2008-10-14 15:00:15.000000000 -0400
@@ -137,6 +137,7 @@
template(`razor_per_role_template',`
gen_require(`
@@ -20243,7 +19845,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.5.12/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/razor.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/razor.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,21 +6,51 @@
# Declarations
#
@@ -20300,8 +19902,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.5.12/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ricci.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ricci.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ricci.te 2008-10-14 15:00:15.000000000 -0400
@@ -133,6 +133,8 @@
dev_read_urand(ricci_t)
@@ -20366,7 +19968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_manage_etc_files(ricci_modstorage_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.5.12/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rlogin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rlogin.te 2008-10-14 15:00:15.000000000 -0400
@@ -94,8 +94,8 @@
remotelogin_signal(rlogind_t)
@@ -20380,7 +19982,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.5.12/policy/modules/services/roundup.fc
--- nsaserefpolicy/policy/modules/services/roundup.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/roundup.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/roundup.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0)
+
@@ -20389,7 +19991,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.5.12/policy/modules/services/roundup.if
--- nsaserefpolicy/policy/modules/services/roundup.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/roundup.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/roundup.if 2008-10-14 15:00:15.000000000 -0400
@@ -1 +1,39 @@
## <summary>Roundup Issue Tracking System policy</summary>
+
@@ -20432,7 +20034,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.5.12/policy/modules/services/roundup.te
--- nsaserefpolicy/policy/modules/services/roundup.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/roundup.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/roundup.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,9 @@
type roundup_exec_t;
init_daemon_domain(roundup_t, roundup_exec_t)
@@ -20445,7 +20047,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.5.12/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rpc.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rpc.if 2008-10-14 15:00:15.000000000 -0400
@@ -88,8 +88,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -20485,8 +20087,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.12/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rpc.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpc.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rpc.te 2008-10-14 15:00:15.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -20547,28 +20149,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.5.12/policy/modules/services/rpcbind.fc
--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rpcbind.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rpcbind.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-/etc/rc.d/init.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.5.12/policy/modules/services/rpcbind.if
---- nsaserefpolicy/policy/modules/services/rpcbind.if 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rpcbind.if 2008-10-10 16:08:15.000000000 -0400
-@@ -122,7 +122,7 @@
- allow $1 rpcbind_t:process { ptrace signal_perms };
- ps_process_pattern($1, rpcbind_t)
-
-- init_labeled_script_domtrans($1, rbcbind_initrc_exec_t)
-+ init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rpcbind_initrc_exec_t system_r;
- allow $2 system_r;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.5.12/policy/modules/services/rpcbind.te
---- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rpcbind.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rpcbind.te 2008-10-14 15:00:15.000000000 -0400
@@ -60,6 +60,7 @@
domain_use_interactive_fds(rpcbind_t)
@@ -20579,7 +20169,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_shared_libs(rpcbind_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.5.12/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rshd.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rshd.te 2008-10-14 15:00:15.000000000 -0400
@@ -16,7 +16,7 @@
#
# Local policy
@@ -20643,7 +20233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.5.12/policy/modules/services/rsync.fc
--- nsaserefpolicy/policy/modules/services/rsync.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rsync.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rsync.fc 2008-10-14 15:00:15.000000000 -0400
@@ -3,4 +3,4 @@
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
@@ -20651,8 +20241,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_log_t,s0)
+/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.5.12/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/rsync.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rsync.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/rsync.te 2008-10-14 15:00:15.000000000 -0400
@@ -45,7 +45,7 @@
# Local policy
#
@@ -20664,7 +20254,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow rsync_t self:tcp_socket create_stream_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.5.12/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/samba.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/samba.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,6 +2,9 @@
#
# /etc
@@ -20693,7 +20283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.5.12/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/samba.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/samba.if 2008-10-14 15:00:15.000000000 -0400
@@ -52,6 +52,25 @@
## </summary>
## </param>
@@ -21019,8 +20609,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.12/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/samba.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/samba.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/samba.te 2008-10-14 15:00:15.000000000 -0400
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -21418,8 +21008,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.5.12/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/sasl.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sasl.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/sasl.te 2008-10-14 15:00:15.000000000 -0400
@@ -111,6 +111,10 @@
')
@@ -21433,7 +21023,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.5.12/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/sendmail.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/sendmail.if 2008-10-14 15:00:15.000000000 -0400
@@ -149,3 +149,104 @@
logging_log_filetrans($1, sendmail_log_t, file)
@@ -21541,7 +21131,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.5.12/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/sendmail.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/sendmail.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -21703,7 +21293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.5.12/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
+
@@ -21712,7 +21302,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.5.12/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.if 2008-10-14 15:00:15.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -21775,8 +21365,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.5.12/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/setroubleshoot.te 2008-10-14 15:00:15.000000000 -0400
@@ -11,6 +11,9 @@
domain_type(setroubleshootd_t)
init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -21798,17 +21388,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-@@ -52,7 +55,9 @@
+@@ -52,7 +55,10 @@
kernel_read_kernel_sysctls(setroubleshootd_t)
kernel_read_system_state(setroubleshootd_t)
+kernel_read_net_sysctls(setroubleshootd_t)
kernel_read_network_state(setroubleshootd_t)
+kernel_dontaudit_list_all_proc(setroubleshootd_t)
++kernel_read_unlabeled_state(setroubleshootd_t)
corecmd_exec_bin(setroubleshootd_t)
corecmd_exec_shell(setroubleshootd_t)
-@@ -68,16 +73,23 @@
+@@ -68,16 +74,23 @@
dev_read_urand(setroubleshootd_t)
dev_read_sysfs(setroubleshootd_t)
@@ -21833,7 +21424,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
selinux_get_enforce_mode(setroubleshootd_t)
selinux_validate_context(setroubleshootd_t)
-@@ -97,22 +109,25 @@
+@@ -97,22 +110,25 @@
locallogin_dontaudit_use_fds(setroubleshootd_t)
@@ -21862,15 +21453,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_dontaudit_manage_db(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.5.12/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/smartmon.te 2008-10-10 16:08:15.000000000 -0400
-@@ -1,5 +1,5 @@
-
--policy_module(smartmon, 1.6.1)
-+policy_module(smartmon, 1.6.0)
-
- ########################################
- #
+--- nsaserefpolicy/policy/modules/services/smartmon.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/smartmon.te 2008-10-14 15:00:15.000000000 -0400
@@ -19,6 +19,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -21895,7 +21479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_udp_sendrecv_all_nodes(fsdaemon_t)
corenet_udp_sendrecv_all_ports(fsdaemon_t)
-+dev_del_entry_generic_dirs(fsdaemon_t)
++dev_del_generic_dirs(fsdaemon_t)
dev_read_sysfs(fsdaemon_t)
dev_read_urand(fsdaemon_t)
@@ -21930,7 +21514,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.5.12/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/snmp.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/snmp.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/snmpd -- gen_context(system_u:object_r:snmp_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmp_initrc_exec_t,s0)
@@ -21948,7 +21532,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.5.12/policy/modules/services/snmp.if
--- nsaserefpolicy/policy/modules/services/snmp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/snmp.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/snmp.if 2008-10-14 15:00:15.000000000 -0400
@@ -95,23 +95,34 @@
## Domain allowed access.
## </summary>
@@ -21989,7 +21573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.5.12/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/snmp.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/snmp.te 2008-10-14 15:00:15.000000000 -0400
@@ -9,6 +9,9 @@
type snmpd_exec_t;
init_daemon_domain(snmpd_t, snmpd_exec_t)
@@ -22056,7 +21640,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.5.12/policy/modules/services/snort.if
--- nsaserefpolicy/policy/modules/services/snort.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/snort.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/snort.if 2008-10-14 15:00:15.000000000 -0400
@@ -30,7 +30,7 @@
## </param>
## <param name="role">
@@ -22080,8 +21664,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, snort_log_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.12/policy/modules/services/snort.te
---- nsaserefpolicy/policy/modules/services/snort.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/snort.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/snort.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/snort.te 2008-10-14 15:00:15.000000000 -0400
@@ -56,6 +56,7 @@
files_pid_filetrans(snort_t, snort_var_run_t, file)
@@ -22114,7 +21698,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.12/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/spamassassin.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/spamassassin.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,16 +1,27 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -22148,7 +21732,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.5.12/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/spamassassin.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/spamassassin.if 2008-10-14 15:00:15.000000000 -0400
@@ -34,10 +34,10 @@
# cjp: when tunables are available, spamc stuff should be
# toggled on activation of spamc, and similarly for spamd.
@@ -22683,7 +22267,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.12/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/spamassassin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/spamassassin.te 2008-10-14 15:00:15.000000000 -0400
@@ -21,16 +21,24 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -22978,8 +22562,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ sendmail_rw_pipes(spamc_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.5.12/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/squid.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/squid.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/squid.te 2008-10-14 15:00:15.000000000 -0400
@@ -118,6 +118,8 @@
fs_getattr_all_fs(squid_t)
@@ -23000,7 +22584,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.5.12/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ssh.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ssh.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
+HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
@@ -23009,7 +22593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.12/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ssh.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ssh.if 2008-10-14 15:00:15.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -23257,8 +22841,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ delete_files_pattern($1, ssh_tmp_t, ssh_tmp_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.5.12/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/ssh.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ssh.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/ssh.te 2008-10-14 15:00:15.000000000 -0400
@@ -24,7 +24,7 @@
# Type for the ssh-agent executable.
@@ -23321,7 +22905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.5.12/policy/modules/services/stunnel.fc
--- nsaserefpolicy/policy/modules/services/stunnel.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/stunnel.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/stunnel.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,5 +2,6 @@
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
@@ -23330,8 +22914,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.5.12/policy/modules/services/stunnel.te
---- nsaserefpolicy/policy/modules/services/stunnel.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/stunnel.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/stunnel.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/stunnel.te 2008-10-14 15:00:15.000000000 -0400
@@ -54,6 +54,8 @@
kernel_read_system_state(stunnel_t)
kernel_read_network_state(stunnel_t)
@@ -23351,7 +22935,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.5.12/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/sysstat.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/sysstat.te 2008-10-14 15:00:15.000000000 -0400
@@ -47,6 +47,7 @@
files_read_etc_files(sysstat_t)
@@ -23362,7 +22946,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_use_all_terms(sysstat_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.12/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/telnet.te 2008-10-10 16:23:10.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/telnet.te 2008-10-14 15:00:15.000000000 -0400
@@ -90,8 +90,8 @@
userdom_search_unpriv_users_home_dirs(telnetd_t)
@@ -23375,8 +22959,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`use_nfs_home_dirs',`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.5.12/policy/modules/services/tftp.te
---- nsaserefpolicy/policy/modules/services/tftp.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/tftp.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tftp.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/tftp.te 2008-10-14 15:00:15.000000000 -0400
@@ -75,6 +75,7 @@
domain_use_interactive_fds(tftpd_t)
@@ -23387,7 +22971,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_search_var(tftpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.5.12/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/virt.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/virt.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,6 +2,7 @@
/etc/libvirt/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0)
/etc/libvirt/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0)
@@ -23397,17 +22981,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.5.12/policy/modules/services/virt.if
---- nsaserefpolicy/policy/modules/services/virt.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/virt.if 2008-10-10 16:08:15.000000000 -0400
-@@ -68,7 +68,7 @@
- ## </summary>
- ## </param>
- #
--interface(`virt_manage_pids_files',`
-+interface(`virt_manage_pid_files',`
- gen_require(`
- type virt_var_run_t;
- ')
+--- nsaserefpolicy/policy/modules/services/virt.if 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/virt.if 2008-10-14 15:00:15.000000000 -0400
@@ -78,6 +78,24 @@
########################################
@@ -23497,17 +23072,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
virt_manage_lib_files($1)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.5.12/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/virt.te 2008-10-10 16:08:15.000000000 -0400
-@@ -1,6 +1,8 @@
-
- policy_module(virt, 1.0.0)
-
-+attribute virt_image_type;
-+
- ########################################
- #
- # Declarations
-@@ -28,9 +30,7 @@
++++ serefpolicy-3.5.12/policy/modules/services/virt.te 2008-10-14 15:00:15.000000000 -0400
+@@ -28,9 +28,7 @@
# virt Image files
type virt_image_t; # customizable
@@ -23518,7 +23084,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type virt_log_t;
logging_log_file(virt_log_t)
-@@ -45,6 +45,9 @@
+@@ -45,6 +43,9 @@
type virtd_exec_t;
init_daemon_domain(virtd_t, virtd_exec_t)
@@ -23528,7 +23094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# virtd local policy
-@@ -49,9 +52,8 @@
+@@ -49,9 +50,8 @@
#
# virtd local policy
#
@@ -23539,7 +23105,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow virtd_t self:fifo_file rw_file_perms;
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
allow virtd_t self:tcp_socket create_stream_socket_perms;
-@@ -64,7 +66,7 @@
+@@ -64,7 +64,7 @@
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
@@ -23548,7 +23114,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -82,6 +84,8 @@
+@@ -82,6 +82,8 @@
kernel_read_system_state(virtd_t)
kernel_read_network_state(virtd_t)
kernel_rw_net_sysctls(virtd_t)
@@ -23557,7 +23123,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_load_module(virtd_t)
corecmd_exec_bin(virtd_t)
-@@ -93,7 +97,7 @@
+@@ -93,7 +95,7 @@
corenet_tcp_sendrecv_all_nodes(virtd_t)
corenet_tcp_sendrecv_all_ports(virtd_t)
corenet_tcp_bind_all_nodes(virtd_t)
@@ -23566,7 +23132,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_vnc_port(virtd_t)
corenet_tcp_connect_vnc_port(virtd_t)
corenet_tcp_connect_soundd_port(virtd_t)
-@@ -107,8 +111,10 @@
+@@ -107,8 +109,10 @@
files_read_usr_files(virtd_t)
files_read_etc_files(virtd_t)
@@ -23577,7 +23143,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_list_auto_mountpoints(virtd_t)
-@@ -162,26 +168,27 @@
+@@ -162,26 +166,27 @@
')
')
@@ -23614,7 +23180,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -189,9 +196,10 @@
+@@ -189,9 +194,10 @@
')
optional_policy(`
@@ -23630,7 +23196,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.5.12/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/w3c.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/w3c.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -23652,7 +23218,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.12/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/xserver.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/xserver.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,13 +1,15 @@
#
# HOME_DIR
@@ -23728,7 +23294,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.12/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/xserver.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/xserver.if 2008-10-14 15:02:15.000000000 -0400
@@ -16,6 +16,7 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -24052,7 +23618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use;
-@@ -649,13 +571,208 @@
+@@ -649,13 +571,212 @@
xserver_read_xdm_tmp_files($2)
@@ -24230,7 +23796,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $2 info_xproperty_t:x_property read;
+ allow $2 manage_xevent_t:x_event receive;
+ allow $2 manage_xevent_t:x_synthetic_event { send receive };
++
+ allow $2 output_xext_t:x_extension { query use };
++ allow $2 debug_xext_t:x_extension { query use };
++ allow $2 screensaver_xext_t:x_extension { query use };
++
+ allow $2 property_xevent_t:x_event receive;
+ allow $2 shmem_xext_t:x_extension { query use };
+
@@ -24265,7 +23835,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#######################################
## <summary>
## Interface to provide X object permissions on a given X server to
-@@ -682,7 +799,7 @@
+@@ -682,7 +803,7 @@
#
template(`xserver_common_x_domain_template',`
gen_require(`
@@ -24274,7 +23844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type xproperty_t, info_xproperty_t, clipboard_xproperty_t;
type input_xevent_t, focus_xevent_t, property_xevent_t, manage_xevent_t;
type xevent_t, client_xevent_t;
-@@ -691,7 +808,6 @@
+@@ -691,7 +812,6 @@
attribute x_server_domain, x_domain;
attribute xproperty_type;
attribute xevent_type, xextension_type;
@@ -24282,7 +23852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
class x_drawable all_x_drawable_perms;
class x_screen all_x_screen_perms;
-@@ -708,6 +824,7 @@
+@@ -708,6 +828,7 @@
class x_resource all_x_resource_perms;
class x_event all_x_event_perms;
class x_synthetic_event all_x_synthetic_event_perms;
@@ -24290,7 +23860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
##############################
-@@ -715,20 +832,22 @@
+@@ -715,20 +836,22 @@
# Declarations
#
@@ -24316,7 +23886,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##############################
#
# Local Policy
-@@ -746,7 +865,7 @@
+@@ -746,7 +869,7 @@
allow $3 x_server_domain:x_server getattr;
# everyone can do override-redirect windows.
# this could be used to spoof labels
@@ -24325,7 +23895,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# everyone can receive management events on the root window
# allows to know when new windows appear, among other things
allow $3 manage_xevent_t:x_event receive;
-@@ -755,36 +874,30 @@
+@@ -755,36 +878,30 @@
# can read server-owned resources
allow $3 x_server_domain:x_resource read;
# can mess with own clients
@@ -24372,7 +23942,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# X Input
# can receive own events
-@@ -811,6 +924,12 @@
+@@ -811,6 +928,12 @@
allow $3 manage_xevent_t:x_synthetic_event send;
allow $3 client_xevent_t:x_synthetic_event send;
@@ -24385,7 +23955,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# X Selections
# can use the clipboard
allow $3 clipboard_xselection_t:x_selection { getattr setattr read };
-@@ -819,13 +938,15 @@
+@@ -819,13 +942,15 @@
# Other X Objects
# can create and use cursors
@@ -24405,7 +23975,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`! xserver_object_manager',`
# should be xserver_unconfined($3),
-@@ -885,24 +1006,17 @@
+@@ -885,24 +1010,17 @@
#
template(`xserver_user_x_domain_template',`
gen_require(`
@@ -24437,7 +24007,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Allow connections to X server.
files_search_tmp($3)
-@@ -917,16 +1031,12 @@
+@@ -917,16 +1035,12 @@
xserver_rw_session_template($1, $3, $4)
xserver_use_user_fonts($1, $3)
@@ -24457,7 +24027,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -958,26 +1068,43 @@
+@@ -958,26 +1072,43 @@
#
template(`xserver_use_user_fonts',`
gen_require(`
@@ -24508,7 +24078,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Transition to a user Xauthority domain.
## </summary>
## <desc>
-@@ -1003,10 +1130,77 @@
+@@ -1003,10 +1134,77 @@
#
template(`xserver_domtrans_user_xauth',`
gen_require(`
@@ -24588,7 +24158,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1036,10 +1230,10 @@
+@@ -1036,10 +1234,10 @@
#
template(`xserver_user_home_dir_filetrans_user_xauth',`
gen_require(`
@@ -24601,7 +24171,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1225,6 +1419,25 @@
+@@ -1225,6 +1423,25 @@
########################################
## <summary>
@@ -24627,7 +24197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read xdm-writable configuration files.
## </summary>
## <param name="domain">
-@@ -1279,6 +1492,7 @@
+@@ -1279,6 +1496,7 @@
files_search_tmp($1)
allow $1 xdm_tmp_t:dir list_dir_perms;
create_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
@@ -24635,7 +24205,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1297,7 +1511,7 @@
+@@ -1297,7 +1515,7 @@
')
files_search_pids($1)
@@ -24644,7 +24214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1320,6 +1534,24 @@
+@@ -1320,6 +1538,24 @@
########################################
## <summary>
@@ -24669,7 +24239,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Execute the X server in the XDM X server domain.
## </summary>
## <param name="domain">
-@@ -1330,15 +1562,47 @@
+@@ -1330,15 +1566,47 @@
#
interface(`xserver_domtrans_xdm_xserver',`
gen_require(`
@@ -24718,7 +24288,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Make an X session script an entrypoint for the specified domain.
## </summary>
## <param name="domain">
-@@ -1488,7 +1752,7 @@
+@@ -1488,7 +1756,7 @@
type xdm_xserver_tmp_t;
')
@@ -24727,7 +24297,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -1680,6 +1944,26 @@
+@@ -1680,6 +1948,26 @@
########################################
## <summary>
@@ -24754,7 +24324,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## xdm xserver RW shared memory socket.
## </summary>
## <param name="domain">
-@@ -1698,6 +1982,24 @@
+@@ -1698,6 +1986,24 @@
########################################
## <summary>
@@ -24779,7 +24349,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Interface to provide X object permissions on a given X server to
## an X client domain. Gives the domain complete control over the
## display.
-@@ -1710,8 +2012,157 @@
+@@ -1710,8 +2016,157 @@
#
interface(`xserver_unconfined',`
gen_require(`
@@ -24940,8 +24510,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 xdm_xproperty_t:x_property { write read };
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.12/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/xserver.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/xserver.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,6 +8,14 @@
## <desc>
@@ -25491,13 +25061,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow xdm_t iceauth_home_t:file read_file_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.5.12/policy/modules/services/zosremote.fc
--- nsaserefpolicy/policy/modules/services/zosremote.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/zosremote.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/zosremote.fc 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,2 @@
+
+/sbin/audispd-zos-remote -- gen_context(system_u:object_r:zos_remote_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.5.12/policy/modules/services/zosremote.if
--- nsaserefpolicy/policy/modules/services/zosremote.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/zosremote.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/zosremote.if 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,52 @@
+## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
+
@@ -25553,7 +25123,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.5.12/policy/modules/services/zosremote.te
--- nsaserefpolicy/policy/modules/services/zosremote.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/policy/modules/services/zosremote.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/zosremote.te 2008-10-14 15:00:15.000000000 -0400
@@ -0,0 +1,37 @@
+policy_module(zosremote,1.0.0)
+
@@ -25594,7 +25164,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+logging_send_syslog_msg(zos_remote_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.5.12/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/application.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/application.te 2008-10-14 15:00:15.000000000 -0400
@@ -7,6 +7,12 @@
# Executables to be run by user
attribute application_exec_type;
@@ -25610,7 +25180,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ssh_rw_stream_sockets(application_domain_type)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.5.12/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/authlogin.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/authlogin.fc 2008-10-14 15:00:15.000000000 -0400
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -25639,7 +25209,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.5.12/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/authlogin.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/authlogin.if 2008-10-14 15:00:15.000000000 -0400
@@ -56,10 +56,6 @@
miscfiles_read_localization($1_chkpwd_t)
@@ -25765,7 +25335,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- optional_policy(`
- nis_use_ypbind($1)
+ kerberos_read_keytab($1)
-+ kerberos_524_connect($1)
++ kerberos_connect_524($1)
')
optional_policy(`
@@ -25902,7 +25472,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.5.12/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/authlogin.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/authlogin.te 2008-10-14 15:00:15.000000000 -0400
@@ -59,6 +59,9 @@
type utempter_exec_t;
application_domain(utempter_t,utempter_exec_t)
@@ -26004,7 +25574,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.5.12/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/fstools.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/fstools.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -26019,8 +25589,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.5.12/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2008-08-14 10:07:04.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/fstools.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/fstools.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/fstools.te 2008-10-14 15:00:15.000000000 -0400
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -26044,7 +25614,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.5.12/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/hostname.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/hostname.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,7 +8,9 @@
type hostname_t;
@@ -26058,7 +25628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.5.12/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/init.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/init.fc 2008-10-14 15:00:15.000000000 -0400
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -26080,7 +25650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.5.12/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2008-09-24 10:04:55.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/init.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/init.if 2008-10-14 15:00:15.000000000 -0400
@@ -278,6 +278,27 @@
kernel_dontaudit_use_fds($1)
')
@@ -26269,8 +25839,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow init_t $1:unix_dgram_socket sendto;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.12/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/init.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/init.te 2008-10-14 15:00:15.000000000 -0400
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart,false)
@@ -26422,7 +25992,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -579,6 +634,10 @@
+@@ -536,6 +591,10 @@
+ ')
+
+ optional_policy(`
++ automount_exec_config(initrc_t)
++')
++
++optional_policy(`
+ bind_read_config(initrc_t)
+
+ # for chmod in start script
+@@ -575,6 +634,10 @@
dbus_read_config(initrc_t)
optional_policy(`
@@ -26433,7 +26014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
networkmanager_dbus_chat(initrc_t)
')
')
-@@ -664,12 +723,6 @@
+@@ -660,12 +723,6 @@
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
@@ -26446,7 +26027,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ifdef(`distro_redhat',`
-@@ -730,6 +783,9 @@
+@@ -726,6 +783,9 @@
# why is this needed:
rpm_manage_db(initrc_t)
@@ -26456,7 +26037,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -742,10 +798,12 @@
+@@ -738,10 +798,12 @@
squid_manage_logs(initrc_t)
')
@@ -26469,7 +26050,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -763,6 +821,11 @@
+@@ -759,6 +821,11 @@
uml_setattr_util_sockets(initrc_t)
')
@@ -26481,7 +26062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
unconfined_domain(initrc_t)
-@@ -777,6 +840,10 @@
+@@ -773,6 +840,10 @@
')
optional_policy(`
@@ -26492,7 +26073,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
vmware_read_system_config(initrc_t)
vmware_append_system_config(initrc_t)
')
-@@ -799,3 +866,11 @@
+@@ -795,3 +866,11 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -26505,8 +26086,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_rw_xdm_home_files(daemon)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.5.12/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/ipsec.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/ipsec.te 2008-10-14 15:00:15.000000000 -0400
@@ -55,11 +55,12 @@
allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -26627,8 +26208,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.12/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/iscsi.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/iscsi.te 2008-10-14 15:00:15.000000000 -0400
@@ -28,7 +28,7 @@
# iscsid local policy
#
@@ -26640,7 +26221,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.12/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-14 15:00:15.000000000 -0400
@@ -60,12 +60,15 @@
#
# /opt
@@ -26737,8 +26318,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/usr/lib(64)?/libmpeg2\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.5.12/policy/modules/system/libraries.te
---- nsaserefpolicy/policy/modules/system/libraries.te 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/libraries.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/libraries.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/libraries.te 2008-10-14 15:00:15.000000000 -0400
@@ -52,11 +52,11 @@
# ldconfig local policy
#
@@ -26796,8 +26377,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ unconfined_domain(ldconfig_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.5.12/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/locallogin.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/locallogin.te 2008-10-14 15:00:15.000000000 -0400
@@ -100,7 +100,6 @@
auth_rw_login_records(local_login_t)
@@ -26868,7 +26449,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.12/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/logging.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/logging.fc 2008-10-14 15:00:15.000000000 -0400
@@ -53,10 +53,10 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -26892,7 +26473,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/plymouth/boot.log gen_context(system_u:object_r:var_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.12/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/logging.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/logging.if 2008-10-14 15:00:15.000000000 -0400
@@ -719,6 +719,8 @@
files_search_var($1)
manage_files_pattern($1,logfile,logfile)
@@ -26911,7 +26492,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.5.12/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/lvm.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/lvm.fc 2008-10-14 15:00:15.000000000 -0400
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -26927,7 +26508,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.5.12/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/lvm.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/lvm.te 2008-10-14 15:00:15.000000000 -0400
@@ -10,6 +10,9 @@
type clvmd_exec_t;
init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -27109,8 +26690,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_dontaudit_rw_unix_stream_sockets(lvm_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.5.12/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/modutils.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/modutils.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/modutils.te 2008-10-14 15:00:15.000000000 -0400
@@ -42,7 +42,7 @@
# insmod local policy
#
@@ -27242,7 +26823,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.5.12/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/mount.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/mount.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,6 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -27253,7 +26834,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.5.12/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/mount.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/mount.if 2008-10-14 15:00:15.000000000 -0400
@@ -49,6 +49,8 @@
mount_domtrans($1)
role $2 types mount_t;
@@ -27265,7 +26846,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
samba_run_smbmount($1, $2, $3)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.5.12/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/mount.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/mount.te 2008-10-14 15:00:15.000000000 -0400
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -27421,8 +27002,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.5.12/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/raid.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/raid.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/raid.te 2008-10-14 15:00:15.000000000 -0400
@@ -39,6 +39,7 @@
dev_dontaudit_getattr_generic_files(mdadm_t)
dev_dontaudit_getattr_generic_chr_files(mdadm_t)
@@ -27433,7 +27014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_dontaudit_list_tmpfs(mdadm_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.5.12/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.fc 2008-10-14 15:00:15.000000000 -0400
@@ -38,7 +38,7 @@
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -27457,7 +27038,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.5.12/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.if 2008-10-14 15:00:15.000000000 -0400
@@ -555,6 +555,59 @@
########################################
@@ -27890,15 +27471,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.12/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.te 2008-10-10 16:08:15.000000000 -0400
-@@ -1,5 +1,5 @@
-
--policy_module(selinuxutil, 1.10.1)
-+policy_module(selinuxutil, 1.10.0)
-
- gen_require(`
- bool secure_mode;
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.te 2008-10-14 15:00:15.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -28255,7 +27829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.5.12/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/setrans.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/setrans.if 2008-10-14 15:00:15.000000000 -0400
@@ -21,3 +21,23 @@
stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
files_list_pids($1)
@@ -28282,7 +27856,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.12/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.fc 2008-10-14 15:00:15.000000000 -0400
@@ -11,6 +11,7 @@
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -28307,7 +27881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.12/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.if 2008-10-14 15:00:15.000000000 -0400
@@ -553,6 +553,7 @@
type net_conf_t;
')
@@ -28387,8 +27961,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role_transition $1 dhcpc_exec_t system_r;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.12/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/sysnetwork.te 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -28561,7 +28135,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.12/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/udev.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/udev.if 2008-10-14 15:00:15.000000000 -0400
@@ -96,6 +96,24 @@
########################################
@@ -28617,7 +28191,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.12/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/udev.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/udev.te 2008-10-14 15:00:15.000000000 -0400
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -28626,17 +28200,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
kernel_rw_net_sysctls(udev_t)
-@@ -96,9 +97,6 @@
- dev_delete_generic_files(udev_t)
- dev_search_usbfs(udev_t)
- dev_relabel_all_dev_nodes(udev_t)
--# udev_node.c/node_symlink() symlink labels are explicitly
--# preserved, instead of short circuiting the relabel
--dev_relabel_generic_symlinks(udev_t)
-
- domain_read_all_domains_state(udev_t)
- domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-@@ -142,6 +140,7 @@
+@@ -142,6 +143,7 @@
logging_search_logs(udev_t)
logging_send_syslog_msg(udev_t)
@@ -28644,7 +28208,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(udev_t)
-@@ -189,6 +188,7 @@
+@@ -189,6 +191,7 @@
optional_policy(`
alsa_domtrans(udev_t)
@@ -28652,7 +28216,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
alsa_read_rw_config(udev_t)
')
-@@ -197,6 +197,10 @@
+@@ -197,6 +200,10 @@
')
optional_policy(`
@@ -28663,7 +28227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
consoletype_exec(udev_t)
')
-@@ -240,5 +244,9 @@
+@@ -240,5 +247,9 @@
')
optional_policy(`
@@ -28675,7 +28239,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.12/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/unconfined.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/unconfined.fc 2008-10-14 15:00:15.000000000 -0400
@@ -2,15 +2,27 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -28715,7 +28279,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.12/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/unconfined.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/unconfined.if 2008-10-14 15:00:15.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -29045,8 +28609,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.12/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/unconfined.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/unconfined.te 2008-10-14 15:12:41.000000000 -0400
@@ -6,35 +6,76 @@
# Declarations
#
@@ -29381,7 +28945,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+domain_ptrace_all_domains(unconfined_notrans_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.12/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/userdomain.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/userdomain.fc 2008-10-14 15:00:15.000000000 -0400
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -29394,7 +28958,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.12/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/userdomain.if 2008-10-11 19:55:33.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/userdomain.if 2008-10-14 15:00:15.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -30383,7 +29947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- cups_stream_connect($1_t)
- cups_stream_connect_ptal($1_t)
+ kerberos_use($1_usertype)
-+ kerberos_524_connect($1_usertype)
++ kerberos_connect_524($1_usertype)
')
optional_policy(`
@@ -31989,8 +31553,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_tmpfs_filetrans($1, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.12/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/userdomain.te 2008-10-10 16:08:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-10-14 11:58:09.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/userdomain.te 2008-10-14 15:00:15.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -32111,7 +31675,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.12/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/xen.fc 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.fc 2008-10-14 15:00:15.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -32122,7 +31686,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.12/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/xen.if 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.if 2008-10-14 15:00:15.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -32166,7 +31730,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.12/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/xen.te 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.te 2008-10-14 15:00:15.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -32405,7 +31969,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.12/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/support/obj_perm_sets.spt 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/support/obj_perm_sets.spt 2008-10-14 15:00:15.000000000 -0400
@@ -316,3 +316,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -32422,7 +31986,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.12/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/users 2008-10-10 16:08:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/users 2008-10-14 15:00:15.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
diff --git a/selinux-policy.spec b/selinux-policy.spec
index f346f96..bae17d2 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -59,7 +59,6 @@ SELinux Base package
%files
%{_mandir}/*
-%doc %{_usr}/share/doc/%{name}-%{version}
%dir %{_usr}/share/selinux
%dir %{_usr}/share/selinux/devel
%dir %{_usr}/share/selinux/devel/include
@@ -71,6 +70,17 @@ SELinux Base package
%{_usr}/share/selinux/devel/policygentool
%{_usr}/share/selinux/devel/example.*
%{_usr}/share/selinux/devel/policy.*
+
+%package doc
+Summary: SELinux policy documentation
+Group: System Environment/Base
+Requires(pre): selinux-policy = %{version}-%{release}
+
+%description doc
+SELinux policy documentation package
+
+%files doc
+%doc %{_usr}/share/doc/%{name}-%{version}
%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
%check
@@ -185,7 +195,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2824.
+Based off of reference policy: Checked out revision 2837.
%build
diff --git a/sources b/sources
index a04e717..7aebee6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6c66ffc8a5a5a5860cc5834940fa3813 serefpolicy-3.5.12.tgz
+d8844e366ff99f65df95d145a5c2c1fe serefpolicy-3.5.12.tgz