diff --git a/policy-20070525.patch b/policy-20070525.patch
index 213e104..341c148 100644
--- a/policy-20070525.patch
+++ b/policy-20070525.patch
@@ -6602,7 +6602,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.1/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-06-19 16:23:35.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/samba.te 2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/samba.te 2007-06-27 11:39:37.000000000 -0400
@@ -189,6 +189,8 @@
miscfiles_read_localization(samba_net_t)
@@ -6678,6 +6678,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
domain_use_interactive_fds(winbind_t)
+@@ -767,6 +782,7 @@
+ #
+ # Winbind helper local policy
+ #
++corecmd_exec_bin(winbind_t)
+
+ allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
+ allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.0.1/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/sasl.te 2007-06-19 17:06:27.000000000 -0400
@@ -7442,7 +7450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.1/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/authlogin.if 2007-06-21 10:33:53.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/authlogin.if 2007-06-27 10:19:29.000000000 -0400
@@ -27,7 +27,8 @@
domain_type($1_chkpwd_t)
domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
@@ -8318,7 +8326,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
# Sulogin local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.0.1/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2007-05-29 14:10:58.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/logging.fc 2007-06-20 07:06:30.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/logging.fc 2007-06-27 10:17:24.000000000 -0400
+@@ -1,6 +1,6 @@
+-
+ /dev/log -s gen_context(system_u:object_r:devlog_t,s0)
+
++/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
+ /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
+
+ /sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
@@ -43,3 +43,5 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
@@ -8327,7 +8343,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/log/syslog-ng(/.*)? -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/logging.if 2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/logging.if 2007-06-27 10:20:58.000000000 -0400
@@ -33,8 +33,13 @@
##
#
@@ -8343,10 +8359,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -238,6 +243,25 @@
+@@ -238,6 +243,63 @@
########################################
##
++## Manage the syslogd configuration files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`logging_manage_syslog_config',`
++ gen_require(`
++ type syslogd_etc_t;
++ ')
++
++ files_search_etc($1)
++ manage_files_pattern($1,syslog_conf_t,syslog_conf_t)
++')
++
++#######################################
++##
++## Automatic transition from etc to syslog_conf_t.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`logging_etc_filetrans_syslog_conf',`
++ gen_require(`
++ type syslog_conf_t;
++ ')
++
++ files_etc_filetrans($1,syslog_conf_t,file)
++')
++
++########################################
++##
+## Execute klogd in the klog domain.
+##
+##
@@ -8369,7 +8423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
## Create an object in the log directory, with a private
## type using a type transition.
##
-@@ -317,6 +341,25 @@
+@@ -317,6 +379,25 @@
########################################
##
@@ -8395,7 +8449,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
## Allows the domain to open a file in the
## log directory, but does not allow the listing
## of the contents of the log directory.
-@@ -451,7 +494,7 @@
+@@ -451,7 +532,7 @@
files_search_var($1)
allow $1 var_log_t:dir list_dir_perms;
@@ -8404,7 +8458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -495,6 +538,8 @@
+@@ -495,6 +576,8 @@
files_search_var($1)
manage_files_pattern($1,logfile,logfile)
read_lnk_files_pattern($1,logfile,logfile)
@@ -8413,7 +8467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -578,3 +623,101 @@
+@@ -578,3 +661,101 @@
files_search_var($1)
manage_files_pattern($1,var_log_t,var_log_t)
')
@@ -8517,7 +8571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.0.1/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-06-15 14:54:33.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/logging.te 2007-06-20 07:06:09.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/logging.te 2007-06-27 10:16:37.000000000 -0400
@@ -7,10 +7,15 @@
#
@@ -8534,7 +8588,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
role system_r types auditctl_t;
type auditd_etc_t;
-@@ -48,6 +53,9 @@
+@@ -45,9 +50,15 @@
+ type syslogd_exec_t;
+ init_daemon_domain(syslogd_t,syslogd_exec_t)
+
++type syslog_conf_t;
++files_type(syslog_conf_t)
++
type syslogd_tmp_t;
files_tmp_file(syslogd_tmp_t)
@@ -8544,7 +8604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
type syslogd_var_run_t;
files_pid_file(syslogd_var_run_t)
-@@ -59,14 +67,17 @@
+@@ -59,14 +70,17 @@
init_ranged_daemon_domain(auditd_t,auditd_exec_t,mls_systemhigh)
')
@@ -8565,7 +8625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
read_files_pattern(auditctl_t,auditd_etc_t,auditd_etc_t)
allow auditctl_t auditd_etc_t:dir list_dir_perms;
-@@ -91,6 +102,7 @@
+@@ -91,6 +105,7 @@
locallogin_dontaudit_use_fds(auditctl_t)
@@ -8573,7 +8633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
logging_send_syslog_msg(auditctl_t)
########################################
-@@ -98,12 +110,11 @@
+@@ -98,12 +113,11 @@
# Auditd local policy
#
@@ -8587,7 +8647,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
allow auditd_t self:fifo_file rw_file_perms;
allow auditd_t auditd_etc_t:dir list_dir_perms;
-@@ -141,6 +152,7 @@
+@@ -141,6 +155,7 @@
init_telinit(auditd_t)
@@ -8595,7 +8655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
logging_send_syslog_msg(auditd_t)
libs_use_ld_so(auditd_t)
-@@ -157,6 +169,8 @@
+@@ -157,6 +172,8 @@
userdom_dontaudit_use_unpriv_user_fds(auditd_t)
userdom_dontaudit_search_sysadm_home_dirs(auditd_t)
@@ -8604,7 +8664,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
optional_policy(`
seutil_sigchld_newrole(auditd_t)
-@@ -249,6 +263,10 @@
+@@ -243,12 +260,18 @@
+ allow syslogd_t self:udp_socket create_socket_perms;
+ allow syslogd_t self:tcp_socket create_stream_socket_perms;
+
++allow syslogd_t syslog_conf_t:file read;
++
+ # Create and bind to /dev/log or /var/run/log.
+ allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
+ files_pid_filetrans(syslogd_t,devlog_t,sock_file)
# create/append log files.
manage_files_pattern(syslogd_t,var_log_t,var_log_t)
@@ -8615,7 +8683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
# Allow access for syslog-ng
allow syslogd_t var_log_t:dir { create setattr };
-@@ -257,6 +275,9 @@
+@@ -257,6 +280,9 @@
manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
files_tmp_filetrans(syslogd_t,syslogd_tmp_t,{ dir file })
@@ -8625,7 +8693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
allow syslogd_t syslogd_var_run_t:file manage_file_perms;
files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
-@@ -313,6 +334,7 @@
+@@ -313,6 +339,7 @@
domain_use_interactive_fds(syslogd_t)
files_read_etc_files(syslogd_t)
@@ -10902,9 +10970,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.1/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.1/policy/modules/users/logadm.fc 2007-06-19 17:06:27.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/users/logadm.fc 2007-06-27 10:17:08.000000000 -0400
@@ -0,0 +1 @@
-+/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
++# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.0.1/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.1/policy/modules/users/logadm.if 2007-06-19 17:06:27.000000000 -0400
@@ -10912,8 +10980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
+## Policy for logadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.1/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.1/policy/modules/users/logadm.te 2007-06-19 17:06:27.000000000 -0400
-@@ -0,0 +1,35 @@
++++ serefpolicy-3.0.1/policy/modules/users/logadm.te 2007-06-27 10:21:24.000000000 -0400
+@@ -0,0 +1,37 @@
+policy_module(logadm,1.0.0)
+
+########################################
@@ -10925,13 +10993,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
+files_type(syslog_conf_t)
+
+userdom_base_user_template(logadm)
-+allow logadm_t syslog_conf_t:file manage_file_perms;
-+files_etc_filetrans(logadm_t, syslog_conf_t, file)
+
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
++logging_etc_filetrans_syslog_conf(logadm_t)
++logging_manage_syslog_config(logadm_t)
+logging_manage_all_logs(logadm_t)
++
+seutil_run_runinit(logadm_t, logadm_r, { logadm_tty_device_t logadm_devpts_t })
++
+domain_kill_all_domains(logadm_t)
+seutil_read_bin_policy(logadm_t)
+corecmd_exec_shell(logadm_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8f13e2c..8a2f780 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -355,6 +355,10 @@ exit 0
%endif
%changelog
+* Wed Jun 26 2007 Dan Walsh 3.0.1-2
+- Allow avahi to access inotify
+- Remove a lot of bogus security_t:filesystem avcs
+
* Fri May 25 2007 Dan Walsh 3.0.1-1
- Remove ifdef strict policy from upstream