##
@@ -12051,16 +11841,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(ftpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.10/policy/modules/services/gnomeclock.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.11/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gnomeclock.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gnomeclock.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.10/policy/modules/services/gnomeclock.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.11/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gnomeclock.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gnomeclock.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,69 @@
+
+## policy for gnomeclock
@@ -12131,9 +11921,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 gnomeclock_t:dbus send_msg;
+ allow gnomeclock_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.10/policy/modules/services/gnomeclock.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.11/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gnomeclock.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gnomeclock.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -12186,9 +11976,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_reload(gnomeclock_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.10/policy/modules/services/gpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.11/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gpm.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gpm.te 2009-04-06 12:59:54.000000000 -0400
@@ -54,6 +54,8 @@
dev_rw_input_dev(gpm_t)
dev_rw_mouse(gpm_t)
@@ -12198,16 +11988,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(gpm_t)
fs_search_auto_mountpoints(gpm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.10/policy/modules/services/gpsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.11/policy/modules/services/gpsd.fc
--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gpsd.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gpsd.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.10/policy/modules/services/gpsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.11/policy/modules/services/gpsd.if
--- nsaserefpolicy/policy/modules/services/gpsd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gpsd.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gpsd.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,83 @@
+## gpsd monitor daemon
+
@@ -12292,9 +12082,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.10/policy/modules/services/gpsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.11/policy/modules/services/gpsd.te
--- nsaserefpolicy/policy/modules/services/gpsd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/gpsd.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/gpsd.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,52 @@
+policy_module(gpsd,1.0.0)
+
@@ -12348,9 +12138,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.10/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.11/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/hal.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/hal.fc 2009-04-06 12:59:54.000000000 -0400
@@ -5,6 +5,7 @@
/usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0)
@@ -12359,9 +12149,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.10/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.11/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/hal.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/hal.if 2009-04-06 12:59:54.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -12462,9 +12252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ logging_log_filetrans($1, hald_log_t, file)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.10/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.11/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/hal.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/hal.te 2009-04-06 12:59:54.000000000 -0400
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -12642,9 +12432,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(hald_dccm_t)
+
+permissive hald_dccm_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.10/policy/modules/services/ifplugd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.11/policy/modules/services/ifplugd.fc
--- nsaserefpolicy/policy/modules/services/ifplugd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ifplugd.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ifplugd.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,9 @@
+
+/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
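Review bot: `permissive hald_dccm_t;` is still present in the regenerated patch, so under 3.6.11 SELinux only logs denials for that domain instead of enforcing them. The same applies to `permissive ifplugd_t;` in the ifplugd.te section and `permissive mysqld_safe_t;` in the mysql.te section. These are carried-over context lines, since the hunk itself changes only the ifplugd.fc path headers from 3.6.10 to 3.6.11, but nothing visible records why each domain is permissive or when it should become enforcing. I would add a comment above each declaration, for example `# permissive while AVC denials for hald_dccm_t are collected; drop once the policy is complete`. The hald.te section begins outside this hunk.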
@@ -12655,9 +12445,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.10/policy/modules/services/ifplugd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.11/policy/modules/services/ifplugd.if
--- nsaserefpolicy/policy/modules/services/ifplugd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ifplugd.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ifplugd.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,194 @@
+## policy for ifplugd
+
@@ -12853,9 +12643,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, ifplugd_var_run_t)
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.10/policy/modules/services/ifplugd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.11/policy/modules/services/ifplugd.te
--- nsaserefpolicy/policy/modules/services/ifplugd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ifplugd.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ifplugd.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,89 @@
+policy_module(ifplugd,1.0.0)
+
@@ -12946,9 +12736,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive ifplugd_t;
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.10/policy/modules/services/kerneloops.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.11/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/kerneloops.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/kerneloops.if 2009-04-06 12:59:54.000000000 -0400
@@ -63,6 +63,25 @@
########################################
@@ -12991,9 +12781,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, kerneloops_tmp_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.10/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.11/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/kerneloops.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/kerneloops.te 2009-04-06 12:59:54.000000000 -0400
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -13026,9 +12816,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- dbus_connect_system_bus(kerneloops_t)
+ dbus_system_domain(kerneloops_t, kerneloops_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.10/policy/modules/services/ktalk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.11/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ktalk.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ktalk.te 2009-04-06 12:59:54.000000000 -0400
@@ -69,6 +69,7 @@
files_read_etc_files(ktalkd_t)
@@ -13037,9 +12827,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(ktalkd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.10/policy/modules/services/lircd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.11/policy/modules/services/lircd.fc
--- nsaserefpolicy/policy/modules/services/lircd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/lircd.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/lircd.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,9 @@
+
+/dev/lircd -s gen_context(system_u:object_r:lircd_sock_t,s0)
@@ -13050,9 +12840,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
+
+/var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.10/policy/modules/services/lircd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.11/policy/modules/services/lircd.if
--- nsaserefpolicy/policy/modules/services/lircd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/lircd.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/lircd.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,100 @@
+## Lirc daemon
+
@@ -13154,9 +12944,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, lircd_sock_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.10/policy/modules/services/lircd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.11/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/lircd.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/lircd.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,55 @@
+policy_module(lircd,1.0.0)
+
@@ -13213,17 +13003,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+miscfiles_read_localization(lircd_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.10/policy/modules/services/mailman.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.11/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/mailman.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mailman.fc 2009-04-06 12:59:54.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.10/policy/modules/services/mailman.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.11/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mailman.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mailman.if 2009-04-06 12:59:54.000000000 -0400
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -13287,9 +13077,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Append to mailman logs.
##
##
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.10/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.11/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mailman.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mailman.te 2009-04-06 12:59:54.000000000 -0400
@@ -53,10 +53,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -13356,9 +13146,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.10/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.11/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/mta.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mta.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,4 @@
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13389,9 +13179,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#')
+HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
+/root/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.10/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.11/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mta.if 2009-04-06 12:59:54.000000000 -0400
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -13467,9 +13257,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.10/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.11/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mta.te 2009-04-06 12:59:54.000000000 -0400
@@ -27,6 +27,9 @@
type mail_spool_t;
files_mountpoint(mail_spool_t)
@@ -13624,9 +13414,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# User send mail local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.10/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.11/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/munin.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/munin.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -13644,9 +13434,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.10/policy/modules/services/munin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.11/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/munin.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/munin.if 2009-04-06 12:59:54.000000000 -0400
@@ -59,8 +59,9 @@
type munin_log_t;
')
@@ -13714,9 +13504,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, httpd_munin_content_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.10/policy/modules/services/munin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.11/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/munin.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/munin.te 2009-04-06 12:59:54.000000000 -0400
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -13851,9 +13641,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.10/policy/modules/services/mysql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.11/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mysql.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mysql.fc 2009-04-06 12:59:54.000000000 -0400
@@ -12,6 +12,8 @@
#
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
@@ -13863,9 +13653,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0)
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.10/policy/modules/services/mysql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.11/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mysql.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mysql.if 2009-04-06 12:59:54.000000000 -0400
@@ -121,6 +121,44 @@
allow $1 mysqld_db_t:dir rw_dir_perms;
')
@@ -13972,9 +13762,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.10/policy/modules/services/mysql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.11/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/mysql.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/mysql.te 2009-04-06 12:59:54.000000000 -0400
@@ -10,6 +10,10 @@
type mysqld_exec_t;
init_daemon_domain(mysqld_t, mysqld_exec_t)
@@ -14023,9 +13813,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+hostname_exec(mysqld_safe_t)
+
+permissive mysqld_safe_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.10/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.11/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/nagios.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nagios.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -14050,9 +13840,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+/usr/lib(64)?/cgi-bin/nagios(/.+)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.10/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.11/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/nagios.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nagios.if 2009-04-06 12:59:54.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -14172,9 +13962,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, nrpe_etc_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.10/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.11/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nagios.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nagios.te 2009-04-06 12:59:54.000000000 -0400
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -14270,9 +14060,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.10/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.11/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/networkmanager.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/networkmanager.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,12 +1,25 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
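Review bot: The pattern `dispatcher\.d(/.*)` has no trailing `?`, unlike the other directory entries on this page such as `/etc/munin(/.*)?`, so it matches entries below the directory but not `/etc/NetworkManager/dispatcher.d` itself. If the directory is also meant to carry `NetworkManager_initrc_exec_t`, the line should read `/etc/NetworkManager/dispatcher\.d(/.*)? gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)`. If the omission is deliberate, a one-line comment saying the directory keeps its default label would stop it being "fixed" later. This is an unchanged context line in the networkmanager.fc section, which continues past this hunk; the hunk itself only updates the path headers to 3.6.11.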
@@ -14299,9 +14089,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.10/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.11/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/networkmanager.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/networkmanager.if 2009-04-06 12:59:54.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -14358,9 +14148,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types NetworkManager_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.10/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.11/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/networkmanager.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/networkmanager.te 2009-04-06 12:59:54.000000000 -0400
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -14590,9 +14380,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.10/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.11/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/nis.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nis.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,9 +1,13 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -14608,9 +14398,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0)
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.10/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.11/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nis.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nis.if 2009-04-06 12:59:54.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -14788,9 +14578,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types ypbind_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.10/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.11/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nis.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nis.te 2009-04-06 12:59:54.000000000 -0400
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -14865,17 +14655,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
corenet_tcp_connect_all_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.10/policy/modules/services/nscd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.11/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/nscd.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nscd.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
/usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.10/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.11/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nscd.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nscd.if 2009-04-06 12:59:54.000000000 -0400
@@ -58,6 +58,42 @@
########################################
@@ -14998,9 +14788,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, nscd_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.10/policy/modules/services/nscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.11/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nscd.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nscd.te 2009-04-06 12:59:54.000000000 -0400
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -15098,9 +14888,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ samba_read_config(nscd_t)
+ samba_read_var_files(nscd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.10/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.11/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/ntp.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ntp.if 2009-04-06 12:59:54.000000000 -0400
@@ -37,6 +37,32 @@
########################################
@@ -15198,9 +14988,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an ntp environment
##
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.10/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.11/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/ntp.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/ntp.te 2009-04-06 12:59:54.000000000 -0400
@@ -25,6 +25,9 @@
type ntpd_tmp_t;
files_tmp_file(ntpd_tmp_t)
@@ -15265,9 +15055,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
firstboot_dontaudit_use_fds(ntpd_t)
firstboot_dontaudit_rw_pipes(ntpd_t)
firstboot_dontaudit_rw_stream_sockets(ntpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.10/policy/modules/services/nx.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.11/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/nx.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/nx.te 2009-04-06 12:59:54.000000000 -0400
@@ -25,6 +25,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -15288,18 +15078,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.10/policy/modules/services/oddjob.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.11/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/oddjob.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/oddjob.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.10/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.11/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/oddjob.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/oddjob.if 2009-04-06 12:59:54.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -15337,9 +15127,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ oddjob_domtrans_mkhomedir($1)
+ role $2 types oddjob_mkhomedir_t;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.10/policy/modules/services/oddjob.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.11/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/oddjob.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/oddjob.te 2009-04-06 12:59:54.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -15396,9 +15186,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.10/policy/modules/services/pads.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.11/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pads.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pads.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -15412,9 +15202,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.10/policy/modules/services/pads.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.11/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pads.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pads.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,10 @@
+## SELinux policy for PADS daemon.
+##
@@ -15426,9 +15216,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+##
+##
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.10/policy/modules/services/pads.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.11/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pads.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pads.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(pads, 0.0.1)
@@ -15495,9 +15285,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ prelude_manage_spool(pads_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.10/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.11/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pegasus.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pegasus.te 2009-04-06 12:59:54.000000000 -0400
@@ -30,7 +30,7 @@
# Local policy
#
@@ -15569,9 +15359,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_stream_connect(pegasus_t)
+ xen_stream_connect_xenstore(pegasus_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.10/policy/modules/services/pingd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.11/policy/modules/services/pingd.fc
--- nsaserefpolicy/policy/modules/services/pingd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pingd.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pingd.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,11 @@
+
+/etc/pingd.conf -- gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -15584,9 +15374,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.10/policy/modules/services/pingd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.11/policy/modules/services/pingd.if
--- nsaserefpolicy/policy/modules/services/pingd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/pingd.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/pingd.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,99 @@
+##
##
@@ -21686,17 +21476,36 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
##
-## Allow virt to manage cifs files
++## Allow svirt to manage nfs files
++##
++##
++gen_tunable(virt_use_nfs, false)
++
++##
++##
+## Allow svirt to manage cifs files
##
##
gen_tunable(virt_use_samba, false)
-attribute virt_image_type;
--
++##
++##
++## Allow svirt to manage nfs files
++##
++##
++gen_tunable(virt_use_nfs, false)
++
++##
++##
++## Allow svirt to user serial/parallell communication ports
++##
++##
++gen_tunable(virt_use_comm, false)
+
type virt_etc_t;
files_config_file(virt_etc_t)
-
-@@ -29,8 +27,12 @@
+@@ -29,8 +48,12 @@
files_type(virt_etc_rw_t)
# virt Image files
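Review bot: `gen_tunable(virt_use_nfs, false)` is added twice in this hunk, once before the `virt_use_samba` tunable and again after it, so the patched policy file would appear to declare the same boolean more than once. Duplicate boolean declarations are normally rejected when the module is compiled, so one of the two added blocks should be dropped and the build re-checked. The description of the new `virt_use_comm` tunable also has typos that would end up in the generated boolean documentation; I would write `## Allow svirt to use serial/parallel communication ports`. The policy file being patched starts outside this hunk, so which module this lands in is inferred from the `virtd_t` context lines.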
@@ -21711,7 +21520,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type virt_log_t;
logging_log_file(virt_log_t)
-@@ -48,17 +50,39 @@
+@@ -48,17 +71,39 @@
type virtd_initrc_exec_t;
init_script_file(virtd_initrc_exec_t)
@@ -21753,7 +21562,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -67,7 +91,11 @@
+@@ -67,7 +112,11 @@
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
@@ -21766,7 +21575,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -86,6 +114,7 @@
+@@ -86,6 +135,7 @@
kernel_read_network_state(virtd_t)
kernel_rw_net_sysctls(virtd_t)
kernel_load_module(virtd_t)
@@ -21774,7 +21583,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(virtd_t)
corecmd_exec_shell(virtd_t)
-@@ -96,7 +125,7 @@
+@@ -96,7 +146,7 @@
corenet_tcp_sendrecv_generic_node(virtd_t)
corenet_tcp_sendrecv_all_ports(virtd_t)
corenet_tcp_bind_generic_node(virtd_t)
@@ -21783,7 +21592,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_vnc_port(virtd_t)
corenet_tcp_connect_vnc_port(virtd_t)
corenet_tcp_connect_soundd_port(virtd_t)
-@@ -104,21 +133,39 @@
+@@ -104,21 +154,39 @@
dev_read_sysfs(virtd_t)
dev_read_rand(virtd_t)
@@ -21824,7 +21633,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_getattr_pty_fs(virtd_t)
term_use_ptmx(virtd_t)
-@@ -129,6 +176,13 @@
+@@ -129,6 +197,13 @@
logging_send_syslog_msg(virtd_t)
@@ -21838,7 +21647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_read_all_users_state(virtd_t)
tunable_policy(`virt_use_nfs',`
-@@ -167,22 +221,34 @@
+@@ -167,22 +242,34 @@
dnsmasq_domtrans(virtd_t)
dnsmasq_signal(virtd_t)
dnsmasq_kill(virtd_t)
@@ -21878,7 +21687,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -198,5 +264,73 @@
+@@ -198,5 +285,78 @@
')
optional_policy(`
@@ -21932,6 +21741,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+corenet_udp_bind_all_ports(svirt_t)
+corenet_tcp_bind_all_ports(svirt_t)
+
++tunable_policy(`virt_use_comm',`
++ term_use_unallocated_ttys(svirt_t)
++ dev_rw_printer(svirt_t)
++')
++
+tunable_policy(`virt_use_nfs',`
+ fs_manage_nfs_dirs(svirt_t)
+ fs_manage_nfs_files(svirt_t)
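Review bot: The new `tunable_policy(`virt_use_comm', ...)` block has no comment saying what the boolean actually grants, and the grant is broader than the tunable's description suggests. It is described as serial/parallel port access, but the rules are `term_use_unallocated_ttys(svirt_t)` and `dev_rw_printer(svirt_t)`, so enabling it lets every svirt_t guest process use the host's unallocated ttys and printer-labelled devices. I would add a line above it such as `# virt_use_comm: guest access to host serial (unallocated tty) and parallel (printer) devices; leave off unless a guest needs passthrough`. The surrounding svirt_t rule block begins and ends outside this hunk.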
@@ -21953,9 +21767,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xen_rw_image_files(svirt_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.10/policy/modules/services/w3c.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.11/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/w3c.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/w3c.te 2009-04-06 12:59:54.000000000 -0400
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -21975,9 +21789,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.10/policy/modules/services/xserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.11/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/xserver.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/xserver.fc 2009-04-06 12:59:54.000000000 -0400
@@ -3,12 +3,16 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -22045,9 +21859,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_suse',`
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.10/policy/modules/services/xserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.11/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/xserver.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/xserver.if 2009-04-06 12:59:54.000000000 -0400
@@ -90,7 +90,7 @@
allow $2 xauth_home_t:file manage_file_perms;
allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -22694,9 +22508,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow xdm_t $1:dbus send_msg;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.10/policy/modules/services/xserver.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.11/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/xserver.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/xserver.te 2009-04-06 12:59:54.000000000 -0400
@@ -34,6 +34,13 @@
##
@@ -23408,9 +23222,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#
-allow xdm_t user_home_type:file unlink;
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.10/policy/modules/services/zosremote.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.11/policy/modules/services/zosremote.if
--- nsaserefpolicy/policy/modules/services/zosremote.if 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/zosremote.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/zosremote.if 2009-04-06 12:59:54.000000000 -0400
@@ -12,7 +12,7 @@
#
interface(`zosremote_domtrans',`
@@ -23420,9 +23234,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.10/policy/modules/system/application.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.11/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/application.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/application.te 2009-04-06 12:59:54.000000000 -0400
@@ -7,8 +7,18 @@
# Executables to be run by user
attribute application_exec_type;
@@ -23442,9 +23256,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ sudo_sigchld(application_domain_type)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.10/policy/modules/system/authlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.11/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/authlogin.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/authlogin.fc 2009-04-06 12:59:54.000000000 -0400
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -23471,9 +23285,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
+
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.10/policy/modules/system/authlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.11/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/authlogin.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/authlogin.if 2009-04-06 12:59:54.000000000 -0400
@@ -43,20 +43,38 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -23810,9 +23624,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_var_filetrans($1,auth_cache_t,{ file dir } )
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.10/policy/modules/system/authlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.11/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/authlogin.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/authlogin.te 2009-04-06 12:59:54.000000000 -0400
@@ -12,7 +12,7 @@
type chkpwd_t, can_read_shadow_passwords;
@@ -23892,9 +23706,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(pam_console_t)
mls_file_read_all_levels(pam_console_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.10/policy/modules/system/fstools.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.11/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/fstools.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/fstools.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -23908,9 +23722,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.10/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/fstools.te 2009-03-30 10:09:41.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.11/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te 2009-04-06 12:42:08.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/fstools.te 2009-04-06 12:59:54.000000000 -0400
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -23930,21 +23744,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-userdom_use_unpriv_users_fds(fsadm_t)
+term_use_all_terms(fsadm_t)
- tunable_policy(`read_default_t',`
- files_list_default(fsadm_t)
-@@ -182,4 +185,9 @@
+ ifdef(`distro_redhat',`
+ optional_policy(`
+@@ -188,4 +191,6 @@
optional_policy(`
xen_append_log(fsadm_t)
+ xen_rw_image_files(fsadm_t)
-+')
-+
-+optional_policy(`
-+ unconfined_domain(fsadm_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.10/policy/modules/system/hostname.te
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.11/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/hostname.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/hostname.te 2009-04-06 12:59:54.000000000 -0400
@@ -8,7 +8,9 @@
type hostname_t;
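Review bot: Dropping the `optional_policy` block that called `unconfined_domain(fsadm_t)` puts every tool labelled `fsadm_exec_t` back under the explicit fsadm_t rules, but nothing in the hunk records that. Denials that show up after the update will be hard to trace back to this change, so I would note it in the package changelog or next to the remaining xen block, e.g. `# fsadm_t is confined again as of 3.6.11; add specific rules rather than unconfined_domain`. The same hunk also adds a bare blank line (`++`) at the end of the fstools.te section, which can be left out. The fstools.te rule list starts outside this hunk.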
@@ -23956,9 +23767,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
role system_r types hostname_t;
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.10/policy/modules/system/init.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.11/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/init.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/init.fc 2009-04-06 12:59:54.000000000 -0400
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -23978,9 +23789,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /var
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.10/policy/modules/system/init.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.11/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/init.if 2009-04-01 15:00:12.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/init.if 2009-04-06 12:59:54.000000000 -0400
@@ -280,6 +280,28 @@
kernel_dontaudit_use_fds($1)
')
@@ -24169,9 +23980,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 init_t:unix_dgram_socket sendto;
+ allow init_t $1:unix_dgram_socket sendto;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.10/policy/modules/system/init.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.11/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/init.te 2009-04-01 15:00:25.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/init.te 2009-04-06 12:59:54.000000000 -0400
@@ -17,6 +17,20 @@
##
gen_tunable(init_upstart,false)
@@ -24474,93 +24285,31 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_dontaudit_rw_cifs_files(daemon)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.6.10/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/ipsec.fc 2009-03-30 10:09:41.000000000 -0400
-@@ -16,6 +16,8 @@
- /usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
- /usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-
-+/usr/libexec/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-+/usr/libexec/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
- /usr/libexec/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
- /usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
- /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-@@ -26,6 +28,7 @@
- /usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
- /usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-
-+/usr/sbin/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
- /usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
- /usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.10/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/ipsec.te 2009-03-30 10:09:41.000000000 -0400
-@@ -55,11 +55,12 @@
-
- allow ipsec_t self:capability { net_admin dac_override dac_read_search };
- dontaudit ipsec_t self:capability sys_tty_config;
--allow ipsec_t self:process signal;
--allow ipsec_t self:netlink_route_socket r_netlink_socket_perms;
-+allow ipsec_t self:process { signal setsched };
- allow ipsec_t self:tcp_socket create_stream_socket_perms;
--allow ipsec_t self:key_socket { create write read setopt };
--allow ipsec_t self:fifo_file read_file_perms;
-+allow ipsec_t self:udp_socket create_socket_perms;
-+allow ipsec_t self:key_socket create_socket_perms;
-+allow ipsec_t self:fifo_file read_fifo_file_perms;
-+allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
-
- allow ipsec_t ipsec_conf_file_t:dir list_dir_perms;
- read_files_pattern(ipsec_t,ipsec_conf_file_t,ipsec_conf_file_t)
-@@ -104,6 +105,11 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.11/policy/modules/system/ipsec.te
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2009-04-06 12:42:08.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/ipsec.te 2009-04-06 12:59:54.000000000 -0400
+@@ -1,5 +1,5 @@
+
+-policy_module(ipsec, 1.9.1)
++policy_module(ipsec, 1.9.0)
+
+ ########################################
+ #
+@@ -103,11 +103,13 @@
+ corenet_raw_sendrecv_all_nodes(ipsec_t)
+ corenet_tcp_sendrecv_all_ports(ipsec_t)
corenet_tcp_bind_all_nodes(ipsec_t)
+-corenet_udp_bind_all_nodes(ipsec_t)
corenet_tcp_bind_reserved_port(ipsec_t)
corenet_tcp_bind_isakmp_port(ipsec_t)
+
+corenet_udp_bind_all_nodes(ipsec_t)
-+corenet_udp_bind_isakmp_port(ipsec_t)
-+corenet_udp_bind_ipsecnat_port(ipsec_t)
+ corenet_udp_bind_isakmp_port(ipsec_t)
+ corenet_udp_bind_ipsecnat_port(ipsec_t)
+
corenet_sendrecv_generic_server_packets(ipsec_t)
corenet_sendrecv_isakmp_server_packets(ipsec_t)
-@@ -127,20 +133,16 @@
- init_use_fds(ipsec_t)
- init_use_script_ptys(ipsec_t)
-
-+auth_use_nsswitch(ipsec_t)
-+
- logging_send_syslog_msg(ipsec_t)
-
- miscfiles_read_localization(ipsec_t)
-
--sysnet_read_config(ipsec_t)
--
- userdom_dontaudit_use_unpriv_user_fds(ipsec_t)
- userdom_dontaudit_search_user_home_dirs(ipsec_t)
-
- optional_policy(`
-- nis_use_ypbind(ipsec_t)
--')
--
--optional_policy(`
- seutil_sigchld_newrole(ipsec_t)
- ')
-
-@@ -156,9 +158,9 @@
- allow ipsec_mgmt_t self:capability { net_admin sys_tty_config dac_override dac_read_search };
- allow ipsec_mgmt_t self:process { signal setrlimit };
- allow ipsec_mgmt_t self:unix_stream_socket create_stream_socket_perms;
--allow ipsec_mgmt_t self:tcp_socket create_socket_perms;
-+allow ipsec_mgmt_t self:tcp_socket create_stream_socket_perms;
- allow ipsec_mgmt_t self:udp_socket create_socket_perms;
--allow ipsec_mgmt_t self:key_socket { create setopt };
-+allow ipsec_mgmt_t self:key_socket create_socket_perms;
- allow ipsec_mgmt_t self:fifo_file rw_file_perms;
-
- allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
@@ -167,6 +169,8 @@
allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
files_pid_filetrans(ipsec_mgmt_t,ipsec_mgmt_var_run_t,file)
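Review bot: The new inner hunk `@@ -1,5 +1,5 @@` for ipsec.te moves the module version backwards, replacing upstream's `policy_module(ipsec, 1.9.1)` with `policy_module(ipsec, 1.9.0)`. Since the base file's timestamp in the added `---` header is newer than before, this looks like a leftover from regenerating the patch against a refreshed upstream tree, not a deliberate change. A module that reports an older revision than its base makes it harder to tell which upstream fixes the shipped policy contains. I would drop that inner hunk from the patch so the line stays `policy_module(ipsec, 1.9.1)`.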
@@ -24570,24 +24319,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(ipsec_mgmt_t,ipsec_var_run_t,ipsec_var_run_t)
manage_lnk_files_pattern(ipsec_mgmt_t,ipsec_var_run_t,ipsec_var_run_t)
-@@ -222,6 +226,7 @@
- # the ipsec wrapper wants to run /usr/bin/logger (should we put
- # it in its own domain?)
- corecmd_exec_bin(ipsec_mgmt_t)
-+corecmd_exec_shell(ipsec_mgmt_t)
-
- domain_use_interactive_fds(ipsec_mgmt_t)
- # denials when ps tries to search /proc. Do not audit these denials.
-@@ -276,7 +281,7 @@
- allow racoon_t self:unix_dgram_socket { connect create ioctl write };
- allow racoon_t self:netlink_selinux_socket { bind create read };
- allow racoon_t self:udp_socket create_socket_perms;
--allow racoon_t self:key_socket { create read setopt write };
-+allow racoon_t self:key_socket create_socket_perms;
-
- # manage pid file
- manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
-@@ -298,6 +303,7 @@
+@@ -242,8 +246,6 @@
+ init_exec_script_files(ipsec_mgmt_t)
+ init_use_fds(ipsec_mgmt_t)
+
+-logging_send_syslog_msg(ipsec_mgmt_t)
+-
+ miscfiles_read_localization(ipsec_mgmt_t)
+
+ modutils_domtrans_insmod(ipsec_mgmt_t)
+@@ -298,13 +300,10 @@
+ kernel_read_network_state(racoon_t)
+
+ corenet_all_recvfrom_unlabeled(racoon_t)
+-corenet_tcp_sendrecv_all_if(racoon_t)
+-corenet_udp_sendrecv_all_if(racoon_t)
+-corenet_tcp_sendrecv_all_nodes(racoon_t)
+-corenet_udp_sendrecv_all_nodes(racoon_t)
corenet_tcp_bind_all_nodes(racoon_t)
corenet_udp_bind_all_nodes(racoon_t)
corenet_udp_bind_isakmp_port(racoon_t)
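Review bot: The refreshed ipsec.te patch now deletes rules that exist in the upstream base, and nothing visible explains why. It removes `logging_send_syslog_msg(ipsec_mgmt_t)` in the inner hunk at -242, and the four `corenet_tcp_sendrecv_all_if`, `corenet_udp_sendrecv_all_if`, `corenet_tcp_sendrecv_all_nodes` and `corenet_udp_sendrecv_all_nodes` calls for `racoon_t` in the inner hunk at -298. These look like by-products of re-diffing against a newer upstream snapshot; if so, the `+-` lines should be dropped so the distribution policy does not silently diverge from upstream. Unless another interface grants the same access, removing them would presumably show up as AVC denials for ipsec_mgmt_t syslog output and racoon_t network traffic. If the removals are intended, say so in the patch, for example `# Fedora: dropped, covered by <interface>` next to each one. The -298 inner hunk continues past the end of this outer hunk.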
@@ -24595,50 +24343,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_udp_bind_ipsecnat_port(racoon_t)
dev_read_urand(racoon_t)
-@@ -312,6 +318,8 @@
-
- ipsec_setcontext_default_spd(racoon_t)
-
-+auth_use_nsswitch(racoon_t)
-+
- locallogin_use_fds(racoon_t)
-
- logging_send_syslog_msg(racoon_t)
-@@ -325,7 +333,7 @@
- #
-
- allow setkey_t self:capability net_admin;
--allow setkey_t self:key_socket { create read setopt write };
-+allow setkey_t self:key_socket create_socket_perms;
- allow setkey_t self:netlink_route_socket create_netlink_socket_perms;
-
- allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.10/policy/modules/system/iptables.fc
---- nsaserefpolicy/policy/modules/system/iptables.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/iptables.fc 2009-03-30 10:09:41.000000000 -0400
-@@ -6,3 +6,4 @@
- /usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.10/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/iptables.te 2009-03-30 10:09:41.000000000 -0400
-@@ -22,12 +22,12 @@
- # Iptables local policy
- #
-
--allow iptables_t self:capability { net_admin net_raw };
-+allow iptables_t self:capability { dac_read_search dac_override net_admin net_raw };
- dontaudit iptables_t self:capability sys_tty_config;
- allow iptables_t self:process { sigchld sigkill sigstop signull signal };
- allow iptables_t self:rawip_socket create_socket_perms;
-
--allow iptables_t iptables_var_run_t:dir rw_dir_perms;
-+manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)
- files_pid_filetrans(iptables_t,iptables_var_run_t,file)
-
- can_exec(iptables_t,iptables_exec_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.11/policy/modules/system/iptables.te
+--- nsaserefpolicy/policy/modules/system/iptables.te 2009-04-06 12:42:08.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/iptables.te 2009-04-06 12:59:54.000000000 -0400
@@ -53,6 +53,7 @@
mls_file_read_all_levels(iptables_t)
@@ -24647,9 +24354,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_use_interactive_fds(iptables_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.10/policy/modules/system/iscsi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.11/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/iscsi.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/iscsi.te 2009-04-06 12:59:54.000000000 -0400
@@ -55,6 +55,7 @@
files_pid_filetrans(iscsid_t,iscsi_var_run_t,file)
@@ -24667,9 +24374,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-sysnet_dns_name_resolve(iscsid_t)
+miscfiles_read_localization(iscsid_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.10/policy/modules/system/libraries.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.11/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/libraries.fc 2009-03-30 12:04:51.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/libraries.fc 2009-04-06 12:59:54.000000000 -0400
@@ -60,12 +60,15 @@
#
# /opt
@@ -24864,9 +24571,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/ICAClient/.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.10/policy/modules/system/libraries.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.11/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/libraries.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/libraries.te 2009-04-06 12:59:54.000000000 -0400
@@ -52,11 +52,11 @@
# ldconfig local policy
#
@@ -24923,9 +24630,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(ldconfig_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.10/policy/modules/system/locallogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.11/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/locallogin.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/locallogin.te 2009-04-06 12:59:54.000000000 -0400
@@ -67,6 +67,7 @@
dev_setattr_power_mgmt_dev(local_login_t)
dev_getattr_sound_dev(local_login_t)
@@ -25000,9 +24707,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
- nscd_socket_use(sulogin_t)
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.10/policy/modules/system/logging.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.11/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/logging.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/logging.fc 2009-04-06 12:59:54.000000000 -0400
@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -25026,9 +24733,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.10/policy/modules/system/logging.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.11/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/logging.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/logging.if 2009-04-06 12:59:54.000000000 -0400
@@ -623,7 +623,7 @@
')
@@ -25047,9 +24754,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.10/policy/modules/system/logging.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.11/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/logging.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/logging.te 2009-04-06 12:59:54.000000000 -0400
@@ -126,7 +126,7 @@
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file rw_file_perms;
@@ -25142,9 +24849,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow syslogd_t self:udp_socket create_socket_perms;
allow syslogd_t self:tcp_socket create_stream_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.10/policy/modules/system/lvm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.11/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/lvm.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/lvm.fc 2009-04-06 12:59:54.000000000 -0400
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -25158,9 +24865,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.10/policy/modules/system/lvm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.11/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/lvm.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/lvm.te 2009-04-06 12:59:54.000000000 -0400
@@ -10,6 +10,9 @@
type clvmd_exec_t;
init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -25367,9 +25074,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_append_log(lvm_t)
+ xen_dontaudit_rw_unix_stream_sockets(lvm_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.10/policy/modules/system/modutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.11/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/modutils.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/modutils.te 2009-04-06 12:59:54.000000000 -0400
@@ -42,7 +42,7 @@
# insmod local policy
#
@@ -25482,9 +25189,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.10/policy/modules/system/mount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.11/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/mount.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/mount.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,9 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -25496,9 +25203,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.10/policy/modules/system/mount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.11/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/mount.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/mount.if 2009-04-06 12:59:54.000000000 -0400
@@ -43,9 +43,11 @@
mount_domtrans($1)
@@ -25534,9 +25241,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 mount_t:process signal;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.10/policy/modules/system/mount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.11/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/mount.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/mount.te 2009-04-06 12:59:54.000000000 -0400
@@ -18,17 +18,21 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -25765,9 +25472,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hal_rw_pipes(mount_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.10/policy/modules/system/raid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.11/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/raid.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/raid.te 2009-04-06 12:59:54.000000000 -0400
@@ -49,6 +49,9 @@
storage_dev_filetrans_fixed_disk(mdadm_t)
storage_read_scsi_generic(mdadm_t)
@@ -25778,9 +25485,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_dontaudit_list_ptys(mdadm_t)
# Helper program access
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.10/policy/modules/system/selinuxutil.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.11/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/selinuxutil.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/selinuxutil.fc 2009-04-06 12:59:54.000000000 -0400
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -25819,9 +25526,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.10/policy/modules/system/selinuxutil.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.11/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/selinuxutil.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/selinuxutil.if 2009-04-06 12:59:54.000000000 -0400
@@ -535,6 +535,53 @@
########################################
@@ -26210,9 +25917,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hotplug_use_fds($1)
+')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.10/policy/modules/system/selinuxutil.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.11/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/selinuxutil.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/selinuxutil.te 2009-04-06 12:59:54.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -26584,9 +26291,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- hotplug_use_fds(setfiles_t)
+ unconfined_domain(setfiles_mac_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.10/policy/modules/system/setrans.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.11/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/setrans.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/setrans.if 2009-04-06 12:59:54.000000000 -0400
@@ -21,3 +21,23 @@
stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
files_list_pids($1)
@@ -26611,9 +26318,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ init_labeled_script_domtrans($1, setrans_initrc_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.10/policy/modules/system/sysnetwork.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.11/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/sysnetwork.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/sysnetwork.fc 2009-04-06 12:59:54.000000000 -0400
@@ -11,8 +11,12 @@
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -26642,9 +26349,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.10/policy/modules/system/sysnetwork.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.11/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/sysnetwork.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/sysnetwork.if 2009-04-06 12:59:54.000000000 -0400
@@ -43,6 +43,39 @@
sysnet_domtrans_dhcpc($1)
@@ -26813,9 +26520,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ role_transition $1 dhcpc_exec_t system_r;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.10/policy/modules/system/sysnetwork.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.11/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/sysnetwork.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/sysnetwork.te 2009-04-06 12:59:54.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -26999,9 +26706,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_xen_state(ifconfig_t)
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.10/policy/modules/system/udev.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.11/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/udev.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/udev.if 2009-04-06 12:59:54.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -27027,9 +26734,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Execute a udev helper in the udev domain.
##
##
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.10/policy/modules/system/udev.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.11/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/udev.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/udev.te 2009-04-06 12:59:54.000000000 -0400
@@ -206,6 +206,10 @@
')
@@ -27062,9 +26769,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
xserver_read_xdm_pid(udev_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.10/policy/modules/system/unconfined.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.11/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/system/unconfined.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/unconfined.fc 2009-04-06 12:59:54.000000000 -0400
@@ -2,15 +2,28 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -27103,9 +26810,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.10/policy/modules/system/unconfined.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.11/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/unconfined.if 2009-04-03 10:28:13.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/unconfined.if 2009-04-06 12:59:54.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -27383,9 +27090,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 unconfined_r;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.10/policy/modules/system/unconfined.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.11/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/unconfined.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/unconfined.te 2009-04-06 12:59:54.000000000 -0400
@@ -5,6 +5,35 @@
#
# Declarations
@@ -27748,9 +27455,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.10/policy/modules/system/userdomain.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.11/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/userdomain.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/userdomain.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,4 +1,7 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -27760,9 +27467,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
+/dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0)
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.10/policy/modules/system/userdomain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.11/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/userdomain.if 2009-04-06 08:22:27.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/userdomain.if 2009-04-06 12:59:54.000000000 -0400
@@ -30,8 +30,9 @@
')
@@ -29642,9 +29349,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dontaudit $1 userdomain:unix_stream_socket rw_socket_perms;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.10/policy/modules/system/userdomain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.11/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/userdomain.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/userdomain.te 2009-04-06 12:59:54.000000000 -0400
@@ -8,13 +8,6 @@
##
@@ -29728,14 +29435,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_read_cifs_named_sockets(userhomereader)
+ fs_read_cifs_named_pipes(userhomereader)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.10/policy/modules/system/virtual.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.11/policy/modules/system/virtual.fc
--- nsaserefpolicy/policy/modules/system/virtual.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/virtual.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/virtual.fc 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.10/policy/modules/system/virtual.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.11/policy/modules/system/virtual.if
--- nsaserefpolicy/policy/modules/system/virtual.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/virtual.if 2009-04-03 16:50:58.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/virtual.if 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,114 @@
+## Virtual machine emulator and virtualizer
+
@@ -29851,9 +29558,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 virtualdomain:process { setsched transition signal signull sigkill };
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.10/policy/modules/system/virtual.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.11/policy/modules/system/virtual.te
--- nsaserefpolicy/policy/modules/system/virtual.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/virtual.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/virtual.te 2009-04-06 12:59:54.000000000 -0400
@@ -0,0 +1,80 @@
+
+policy_module(virtualization, 1.1.2)
@@ -29935,9 +29642,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_read_xdm_pid(virtualdomain)
+ xserver_rw_shm(virtualdomain)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.10/policy/modules/system/xen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.11/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/xen.fc 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/xen.fc 2009-04-06 12:59:54.000000000 -0400
@@ -1,32 +1,31 @@
/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
@@ -29977,9 +29684,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.10/policy/modules/system/xen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.11/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/xen.if 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/xen.if 2009-04-06 12:59:54.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -30043,9 +29750,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_pids($1)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.10/policy/modules/system/xen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.11/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/xen.te 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/xen.te 2009-04-06 12:59:54.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -30315,9 +30022,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+libs_use_ld_so(evtchnd_t)
+libs_use_shared_libs(evtchnd_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/ipc_patterns.spt serefpolicy-3.6.10/policy/support/ipc_patterns.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/ipc_patterns.spt serefpolicy-3.6.11/policy/support/ipc_patterns.spt
--- nsaserefpolicy/policy/support/ipc_patterns.spt 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.10/policy/support/ipc_patterns.spt 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/support/ipc_patterns.spt 2009-04-06 12:59:54.000000000 -0400
@@ -3,12 +3,12 @@
#
define(`stream_connect_pattern',`
@@ -30333,9 +30040,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 $3:sock_file { getattr write };
allow $1 $4:unix_dgram_socket sendto;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.10/policy/support/obj_perm_sets.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.11/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.10/policy/support/obj_perm_sets.spt 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/support/obj_perm_sets.spt 2009-04-06 12:59:54.000000000 -0400
@@ -225,7 +225,7 @@
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
@@ -30359,9 +30066,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.10/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.11/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.10/policy/users 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/policy/users 2009-04-06 12:59:54.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -30386,9 +30093,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.10/Rules.modular
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.11/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.10/Rules.modular 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/Rules.modular 2009-04-06 12:59:54.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -30418,9 +30125,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.10/support/Makefile.devel
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.11/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.10/support/Makefile.devel 2009-03-30 10:09:41.000000000 -0400
++++ serefpolicy-3.6.11/support/Makefile.devel 2009-04-06 12:59:54.000000000 -0400
@@ -185,8 +185,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1803475..f9f3360 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.6.10
-Release: 9%{?dist}
+Version: 3.6.11
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -187,7 +187,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2936.
+Based off of reference policy: Checked out revision 2943.
%build
@@ -444,6 +444,10 @@ exit 0
%endif
%changelog
+* Mon Apr 6 2009 Dan Walsh 3.6.11-1
+- Dontaudit binds to ports < 1024 for named
+- Upgrade to latest upstream
+
* Fri Apr 3 2009 Dan Walsh 3.6.10-9
- Allow podsleuth to use tmpfs files