diff --git a/.cvsignore b/.cvsignore
index 332097b..1ecab65 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -148,3 +148,4 @@ serefpolicy-3.5.3.tgz
serefpolicy-3.5.4.tgz
serefpolicy-3.5.5.tgz
serefpolicy-3.5.6.tgz
+serefpolicy-3.5.7.tgz
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 29d0c88..c80fba3 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -278,13 +278,6 @@ cvs = base
cyphesis = module
# Layer: services
-# Module: gamin
-#
-# FAM File Alteration Monitor API
-#
-gamin = module
-
-# Layer: services
# Module: cyrus
#
# Cyrus is an IMAP service intended to be run on sealed servers
diff --git a/policy-20080710.patch b/policy-20080710.patch
index c0baf8c..5c2066d 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.6/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.7/Makefile
--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.6/Makefile 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/Makefile 2008-09-08 10:19:44.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -45,9 +45,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
$(appdir)/%: $(appconf)/%
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.6/Rules.modular
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.7/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.6/Rules.modular 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/Rules.modular 2008-09-08 10:19:44.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -77,9 +77,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.6/config/appconfig-mcs/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.7/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -1,15 +0,0 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -96,15 +96,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.6/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.7/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/failsafe_context 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/failsafe_context 2008-09-08 10:19:44.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/config/appconfig-mcs/guest_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/guest_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -112,9 +112,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
+system_r:initrc_su_t:s0 guest_r:guest_t:s0
+guest_r:guest_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/root_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/root_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -128,9 +128,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/staff_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/staff_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -5,6 +5,8 @@
system_r:xdm_t:s0 staff_r:staff_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0
@@ -140,9 +140,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/unconfined_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/unconfined_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -150,9 +150,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:initrc_su_t:s0 unconfined_r:unconfined_t:s0
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/user_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/user_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -5,4 +5,5 @@
system_r:xdm_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 user_r:user_t:s0
@@ -160,15 +160,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.6/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.7/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-mcs/userhelper_context 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/userhelper_context 2008-09-08 10:19:44.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.6/config/appconfig-mcs/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.7/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/config/appconfig-mcs/xguest_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mcs/xguest_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -177,25 +177,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.6/config/appconfig-mls/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.7/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/config/appconfig-mls/guest_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-mls/guest_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.6/config/appconfig-standard/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.7/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/config/appconfig-standard/guest_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-standard/guest_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
+system_r:sshd_t guest_r:guest_t
+system_r:crond_t guest_r:guest_crond_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.6/config/appconfig-standard/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.7/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.6/config/appconfig-standard/root_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-standard/root_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -209,18 +209,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
#
-#system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.6/config/appconfig-standard/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.7/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/config/appconfig-standard/xguest_u_default_contexts 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/config/appconfig-standard/xguest_u_default_contexts 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t
+system_r:remote_login_t xguest_r:xguest_t
+system_r:sshd_t xguest_r:xguest_t
+system_r:crond_t xguest_r:xguest_crond_t
+system_r:xdm_t xguest_r:xguest_t
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.6/policy/global_tunables
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.7/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/global_tunables 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/global_tunables 2008-09-08 10:19:44.000000000 -0400
@@ -34,7 +34,7 @@
## <desc>
@@ -259,9 +259,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_tunable(allow_console_login,false)
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.5.6/policy/modules/admin/alsa.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.5.7/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/alsa.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/alsa.te 2008-09-08 10:19:44.000000000 -0400
@@ -51,6 +51,8 @@
auth_use_nsswitch(alsa_t)
@@ -271,9 +271,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.5.6/policy/modules/admin/anaconda.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.5.7/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/anaconda.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/anaconda.te 2008-09-08 10:19:44.000000000 -0400
@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
@@ -282,9 +282,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unprivuser_home_dir_filetrans_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.5.6/policy/modules/admin/certwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.5.7/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/certwatch.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/certwatch.te 2008-09-08 10:19:44.000000000 -0400
@@ -15,8 +15,19 @@
#
# Local policy
@@ -321,9 +321,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ pcscd_stream_connect(certwatch_t)
+ pcscd_read_pub_files(certwatch_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.5.6/policy/modules/admin/consoletype.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.5.7/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/consoletype.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/consoletype.te 2008-09-08 10:19:44.000000000 -0400
@@ -8,9 +8,11 @@
type consoletype_t;
@@ -347,9 +347,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_use_all_terms(consoletype_t)
init_use_fds(consoletype_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.6/policy/modules/admin/firstboot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.7/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/firstboot.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/firstboot.te 2008-09-08 10:19:44.000000000 -0400
@@ -118,15 +118,7 @@
usermanage_domtrans_admin_passwd(firstboot_t)
')
@@ -369,9 +369,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_unconfined(firstboot_t)
')
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.6/policy/modules/admin/kismet.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.7/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/kismet.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/kismet.te 2008-09-08 10:19:44.000000000 -0400
@@ -26,7 +26,10 @@
#
@@ -392,9 +392,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(kismet_t)
files_read_etc_files(kismet_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.6/policy/modules/admin/kudzu.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.7/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/kudzu.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/kudzu.te 2008-09-08 10:19:44.000000000 -0400
@@ -21,8 +21,8 @@
# Local policy
#
@@ -423,9 +423,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# kudzu will telinit to make init re-read
# the inittab after configuring serial consoles
init_telinit(kudzu_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.6/policy/modules/admin/logrotate.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.7/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-09-03 10:17:00.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/logrotate.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/logrotate.te 2008-09-08 10:19:44.000000000 -0400
@@ -97,6 +97,7 @@
files_read_etc_files(logrotate_t)
files_read_etc_runtime_files(logrotate_t)
@@ -442,9 +442,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- squid_domtrans(logrotate_t)
+ squid_signal(logrotate_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.5.6/policy/modules/admin/logwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.5.7/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/logwatch.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/logwatch.te 2008-09-08 10:19:44.000000000 -0400
@@ -54,18 +54,19 @@
domain_read_all_domains_state(logwatch_t)
@@ -474,9 +474,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
samba_read_log(logwatch_t)
+ samba_read_share_files(logwatch_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.6/policy/modules/admin/mrtg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.5.7/policy/modules/admin/mrtg.te
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/mrtg.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/mrtg.te 2008-09-08 10:19:44.000000000 -0400
@@ -78,6 +78,7 @@
dev_read_urand(mrtg_t)
@@ -534,9 +534,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- dontaudit mrtg_t { boot_t device_t file_t lost_found_t }:dir getattr;
- dontaudit mrtg_t root_t:lnk_file getattr;
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.5.6/policy/modules/admin/netutils.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.5.7/policy/modules/admin/netutils.if
--- nsaserefpolicy/policy/modules/admin/netutils.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/netutils.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/netutils.if 2008-09-08 10:19:44.000000000 -0400
@@ -70,7 +70,7 @@
########################################
@@ -627,9 +627,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.5.6/policy/modules/admin/netutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.5.7/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/netutils.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/netutils.te 2008-09-08 10:19:44.000000000 -0400
@@ -50,6 +50,7 @@
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -749,9 +749,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
- nscd_socket_use(traceroute_t)
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.5.6/policy/modules/admin/prelink.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.5.7/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/prelink.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/prelink.te 2008-09-08 10:19:44.000000000 -0400
@@ -26,7 +26,7 @@
# Local policy
#
@@ -809,9 +809,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(prelink_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.5.6/policy/modules/admin/readahead.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.5.7/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/readahead.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/readahead.te 2008-09-08 10:19:44.000000000 -0400
@@ -22,7 +22,7 @@
# Local policy
#
@@ -829,9 +829,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mls_file_read_all_levels(readahead_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.5.6/policy/modules/admin/rpm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.5.7/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/rpm.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/rpm.fc 2008-09-08 10:19:44.000000000 -0400
@@ -11,7 +11,8 @@
/usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -860,9 +860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# SuSE
ifdef(`distro_suse', `
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.6/policy/modules/admin/rpm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.7/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/rpm.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/rpm.if 2008-09-08 10:19:44.000000000 -0400
@@ -152,6 +152,24 @@
########################################
@@ -1168,9 +1168,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 rpm_t:process signull;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.5.6/policy/modules/admin/rpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.5.7/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/rpm.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/rpm.te 2008-09-08 10:19:44.000000000 -0400
@@ -31,6 +31,9 @@
files_type(rpm_var_lib_t)
typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1257,9 +1257,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
usermanage_domtrans_groupadd(rpm_script_t)
usermanage_domtrans_useradd(rpm_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.5.6/policy/modules/admin/su.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.5.7/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/su.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/su.if 2008-09-08 10:19:44.000000000 -0400
@@ -41,15 +41,13 @@
allow $2 $1_su_t:process signal;
@@ -1415,9 +1415,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#######################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.5.6/policy/modules/admin/sudo.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.5.7/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/sudo.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/sudo.if 2008-09-08 10:19:44.000000000 -0400
@@ -55,7 +55,7 @@
#
@@ -1530,9 +1530,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ term_relabel_all_user_ttys($1_sudo_t)
+ term_relabel_all_user_ptys($1_sudo_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.5.6/policy/modules/admin/tmpreaper.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.5.7/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/tmpreaper.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/tmpreaper.te 2008-09-08 10:19:44.000000000 -0400
@@ -22,12 +22,16 @@
dev_read_urand(tmpreaper_t)
@@ -1577,9 +1577,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(tmpreaper_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.5.6/policy/modules/admin/usermanage.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.5.7/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/usermanage.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/usermanage.te 2008-09-08 10:19:44.000000000 -0400
@@ -97,6 +97,7 @@
# allow checking if a shell is executable
@@ -1650,9 +1650,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(useradd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.if serefpolicy-3.5.6/policy/modules/admin/vbetool.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.if serefpolicy-3.5.7/policy/modules/admin/vbetool.if
--- nsaserefpolicy/policy/modules/admin/vbetool.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/vbetool.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/vbetool.if 2008-09-08 10:19:44.000000000 -0400
@@ -18,3 +18,34 @@
corecmd_search_bin($1)
domtrans_pattern($1, vbetool_exec_t, vbetool_t)
@@ -1688,9 +1688,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types vbetool_t;
+ allow vbetool_t $3:chr_file rw_term_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.5.6/policy/modules/admin/vbetool.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.5.7/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/vbetool.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/vbetool.te 2008-09-08 10:19:44.000000000 -0400
@@ -23,6 +23,9 @@
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
@@ -1710,9 +1710,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_exec_pid(vbetool_t)
+ xserver_write_pid(vbetool_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.5.6/policy/modules/admin/vpn.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.5.7/policy/modules/admin/vpn.if
--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/vpn.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/vpn.if 2008-09-08 10:19:44.000000000 -0400
@@ -48,6 +48,7 @@
vpn_domtrans($1)
role $2 types vpnc_t;
@@ -1721,9 +1721,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.5.6/policy/modules/admin/vpn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.5.7/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/admin/vpn.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/admin/vpn.te 2008-09-08 10:19:44.000000000 -0400
@@ -22,9 +22,10 @@
# Local policy
#
@@ -1745,18 +1745,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysnet_etc_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.5.6/policy/modules/apps/ethereal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.5.7/policy/modules/apps/ethereal.fc
--- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/ethereal.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/ethereal.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ROLE_ethereal_home_t,s0)
+HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ethereal_home_t,s0)
/usr/sbin/ethereal.* -- gen_context(system_u:object_r:ethereal_exec_t,s0)
/usr/sbin/tethereal.* -- gen_context(system_u:object_r:tethereal_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.5.6/policy/modules/apps/ethereal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.5.7/policy/modules/apps/ethereal.if
--- nsaserefpolicy/policy/modules/apps/ethereal.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/ethereal.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/ethereal.if 2008-09-08 10:19:44.000000000 -0400
@@ -35,6 +35,7 @@
template(`ethereal_per_role_template',`
@@ -1860,9 +1860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#######################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.5.6/policy/modules/apps/ethereal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.5.7/policy/modules/apps/ethereal.te
--- nsaserefpolicy/policy/modules/apps/ethereal.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/ethereal.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/ethereal.te 2008-09-08 10:19:44.000000000 -0400
@@ -16,6 +16,13 @@
type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)
@@ -1877,9 +1877,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Tethereal policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.5.6/policy/modules/apps/games.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.5.7/policy/modules/apps/games.if
--- nsaserefpolicy/policy/modules/apps/games.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/games.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/games.if 2008-09-08 10:19:44.000000000 -0400
@@ -130,10 +130,10 @@
sysnet_read_config($1_games_t)
@@ -1919,9 +1919,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ rw_files_pattern($1, games_data_t, games_data_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.5.6/policy/modules/apps/gnome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.5.7/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gnome.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gnome.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,8 +1,10 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
-HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
@@ -1939,9 +1939,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# Don't use because toolchain is broken
+#/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+HOME_DIR/.pulse(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.6/policy/modules/apps/gnome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.5.7/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gnome.if 2008-09-04 13:23:42.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gnome.if 2008-09-08 10:19:44.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
type gconfd_exec_t, gconf_etc_t;
@@ -2188,9 +2188,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ # Connect to pulseaudit server
+ stream_connect_pattern($1, gnome_home_t, gnome_home_t, $2)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.5.6/policy/modules/apps/gnome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.5.7/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gnome.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gnome.te 2008-09-08 10:19:44.000000000 -0400
@@ -8,8 +8,34 @@
attribute gnomedomain;
@@ -2229,9 +2229,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# Local Policy
+#
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.5.6/policy/modules/apps/gpg.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.5.7/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gpg.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gpg.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,9 +1,9 @@
-HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
+HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
@@ -2246,9 +2246,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
+/usr/lib(64)?/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.5.6/policy/modules/apps/gpg.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.5.7/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gpg.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gpg.if 2008-09-08 10:19:44.000000000 -0400
@@ -37,6 +37,9 @@
template(`gpg_per_role_template',`
gen_require(`
@@ -2585,9 +2585,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.5.6/policy/modules/apps/gpg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.5.7/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/gpg.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/gpg.te 2008-09-08 10:19:44.000000000 -0400
@@ -15,15 +15,253 @@
gen_tunable(gpg_agent_env_file, false)
@@ -2846,9 +2846,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_stream_connect_xdm_xserver(gpg_pinentry_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.5.6/policy/modules/apps/java.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.5.7/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/java.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/java.fc 2008-09-08 10:19:44.000000000 -0400
@@ -3,14 +3,15 @@
#
/opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -2880,9 +2880,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.5.6/policy/modules/apps/java.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.5.7/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/java.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/java.if 2008-09-08 10:19:44.000000000 -0400
@@ -32,7 +32,7 @@
## </summary>
## </param>
@@ -3156,9 +3156,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ca_exec($1, java_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.5.6/policy/modules/apps/java.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.5.7/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/java.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/java.te 2008-09-08 10:19:44.000000000 -0400
@@ -6,16 +6,10 @@
# Declarations
#
@@ -3208,15 +3208,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_xdm_rw_shm(java_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.5.6/policy/modules/apps/livecd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.5.7/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/livecd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/livecd.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.5.6/policy/modules/apps/livecd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.5.7/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/livecd.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/livecd.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,56 @@
+
+## <summary>policy for livecd</summary>
@@ -3274,9 +3274,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ seutil_run_setfiles_mac(livecd_t, $2, $3)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.5.6/policy/modules/apps/livecd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.5.7/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/livecd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/livecd.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,26 @@
+policy_module(livecd, 1.0.0)
+
@@ -3304,9 +3304,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+seutil_domtrans_setfiles_mac(livecd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.5.6/policy/modules/apps/loadkeys.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.5.7/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/loadkeys.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/loadkeys.te 2008-09-08 10:19:44.000000000 -0400
@@ -32,7 +32,6 @@
term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)
@@ -3323,9 +3323,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+unprivuser_dontaudit_write_home_content_files(loadkeys_t)
+unprivuser_dontaudit_list_home_dirs(loadkeys_t)
+sysadm_dontaudit_list_home_dirs(loadkeys_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.5.6/policy/modules/apps/mono.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.5.7/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mono.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mono.if 2008-09-08 10:19:44.000000000 -0400
@@ -21,7 +21,106 @@
########################################
@@ -3443,9 +3443,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
corecmd_search_bin($1)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.5.6/policy/modules/apps/mono.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.5.7/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mono.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mono.te 2008-09-08 10:19:44.000000000 -0400
@@ -15,7 +15,7 @@
# Local policy
#
@@ -3463,9 +3463,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_xdm_rw_shm(mono_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.5.6/policy/modules/apps/mozilla.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.5.7/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mozilla.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mozilla.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,8 +1,8 @@
-HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
-HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -3494,9 +3494,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.6/policy/modules/apps/mozilla.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.7/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mozilla.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mozilla.if 2008-09-08 10:19:44.000000000 -0400
@@ -35,7 +35,10 @@
template(`mozilla_per_role_template',`
gen_require(`
@@ -3966,9 +3966,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $2 $1_mozilla_t:unix_stream_socket connectto;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.5.6/policy/modules/apps/mozilla.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.5.7/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mozilla.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mozilla.te 2008-09-08 10:19:44.000000000 -0400
@@ -6,15 +6,20 @@
# Declarations
#
@@ -3997,18 +3997,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+typealias mozilla_tmp_t alias unconfined_mozilla_tmp_t;
+typealias mozilla_home_t alias user_mozilla_home_t;
+typealias mozilla_tmp_t alias user_mozilla_tmp_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.5.6/policy/modules/apps/mplayer.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.5.7/policy/modules/apps/mplayer.fc
--- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mplayer.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mplayer.fc 2008-09-08 10:19:44.000000000 -0400
@@ -10,4 +10,4 @@
/usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
-HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)
+HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.5.6/policy/modules/apps/mplayer.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.5.7/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mplayer.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mplayer.if 2008-09-08 10:19:44.000000000 -0400
@@ -34,7 +34,8 @@
#
template(`mplayer_per_role_template',`
@@ -4151,9 +4151,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- read_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ read_files_pattern($2, mplayer_home_t, mplayer_home_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.5.6/policy/modules/apps/mplayer.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.5.7/policy/modules/apps/mplayer.te
--- nsaserefpolicy/policy/modules/apps/mplayer.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/mplayer.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/mplayer.te 2008-09-08 10:19:44.000000000 -0400
@@ -22,3 +22,7 @@
type mplayer_exec_t;
corecmd_executable_file(mplayer_exec_t)
@@ -4162,9 +4162,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+type mplayer_home_t alias user_mplayer_rw_t;
+userdom_user_home_content(user, mplayer_home_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.5.6/policy/modules/apps/nsplugin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.5.7/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/nsplugin.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/nsplugin.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,8 @@
+
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
@@ -4174,9 +4174,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:nsplugin_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.6/policy/modules/apps/nsplugin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.7/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/nsplugin.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/nsplugin.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,292 @@
+
+## <summary>policy for nsplugin</summary>
@@ -4470,9 +4470,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ can_exec($1, nsplugin_rw_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.6/policy/modules/apps/nsplugin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.7/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/nsplugin.te 2008-09-04 08:53:56.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/nsplugin.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,226 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -4700,16 +4700,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ mozilla_read_user_home_files(user, nsplugin_config_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.6/policy/modules/apps/openoffice.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.7/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/openoffice.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/openoffice.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.5.6/policy/modules/apps/openoffice.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.5.7/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/openoffice.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/openoffice.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,102 @@
+## <summary>Openoffice</summary>
+
@@ -4813,9 +4813,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ fs_dontaudit_rw_tmpfs_files($1_openoffice_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.5.6/policy/modules/apps/openoffice.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.5.7/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/apps/openoffice.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/openoffice.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(openoffice, 1.0.0)
@@ -4831,17 +4831,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.5.6/policy/modules/apps/podsleuth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.5.7/policy/modules/apps/podsleuth.fc
--- nsaserefpolicy/policy/modules/apps/podsleuth.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/podsleuth.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/podsleuth.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,2 +1,4 @@
/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/usr/libexec/hal-podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.5.6/policy/modules/apps/podsleuth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.5.7/policy/modules/apps/podsleuth.if
--- nsaserefpolicy/policy/modules/apps/podsleuth.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/podsleuth.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/podsleuth.if 2008-09-08 10:19:44.000000000 -0400
@@ -16,4 +16,38 @@
')
@@ -4881,9 +4881,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dontaudit podsleuth_t $3:chr_file rw_term_perms;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.6/policy/modules/apps/podsleuth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.5.7/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/podsleuth.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/podsleuth.te 2008-09-08 10:19:44.000000000 -0400
@@ -11,24 +11,55 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -4942,9 +4942,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(podsleuth_t)
dbus_system_bus_client_template(podsleuth, podsleuth_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.5.6/policy/modules/apps/qemu.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.5.7/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/qemu.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/qemu.if 2008-09-08 10:19:44.000000000 -0400
@@ -48,6 +48,48 @@
allow qemu_t $3:chr_file rw_file_perms;
')
@@ -5301,9 +5301,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-# xserver_xdm_rw_shm($1_t)
- ')
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.6/policy/modules/apps/qemu.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.7/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/qemu.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/qemu.te 2008-09-08 10:19:44.000000000 -0400
@@ -6,6 +6,8 @@
# Declarations
#
@@ -5440,9 +5440,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# qemu_unconfined local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.5.6/policy/modules/apps/screen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.5.7/policy/modules/apps/screen.fc
--- nsaserefpolicy/policy/modules/apps/screen.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/screen.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/screen.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,7 +1,7 @@
#
# /home
@@ -5452,9 +5452,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.5.6/policy/modules/apps/screen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.5.7/policy/modules/apps/screen.if
--- nsaserefpolicy/policy/modules/apps/screen.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/screen.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/screen.if 2008-09-08 10:19:44.000000000 -0400
@@ -35,6 +35,7 @@
template(`screen_per_role_template',`
gen_require(`
@@ -5507,9 +5507,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state($1_screen_t)
kernel_read_kernel_sysctls($1_screen_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.5.6/policy/modules/apps/screen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.5.7/policy/modules/apps/screen.te
--- nsaserefpolicy/policy/modules/apps/screen.te 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/screen.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/screen.te 2008-09-08 10:19:44.000000000 -0400
@@ -11,3 +11,7 @@
type screen_exec_t;
@@ -5518,18 +5518,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+type user_screen_ro_home_t;
+userdom_user_home_content(user, user_screen_ro_home_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.5.6/policy/modules/apps/thunderbird.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.5.7/policy/modules/apps/thunderbird.fc
--- nsaserefpolicy/policy/modules/apps/thunderbird.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/thunderbird.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/thunderbird.fc 2008-09-08 10:19:44.000000000 -0400
@@ -3,4 +3,4 @@
#
/usr/bin/thunderbird.* -- gen_context(system_u:object_r:thunderbird_exec_t,s0)
-HOME_DIR/\.thunderbird(/.*)? gen_context(system_u:object_r:ROLE_thunderbird_home_t,s0)
+HOME_DIR/\.thunderbird(/.*)? gen_context(system_u:object_r:user_thunderbird_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.5.6/policy/modules/apps/thunderbird.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.5.7/policy/modules/apps/thunderbird.if
--- nsaserefpolicy/policy/modules/apps/thunderbird.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/thunderbird.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/thunderbird.if 2008-09-08 10:19:44.000000000 -0400
@@ -43,9 +43,9 @@
application_domain($1_thunderbird_t, thunderbird_exec_t)
role $3 types $1_thunderbird_t;
@@ -5601,9 +5601,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_user_home_dir_filetrans($1, $1_thunderbird_t, $1_untrusted_content_tmp_t, { file dir })
userdom_user_home_content_filetrans($1, $1_thunderbird_t, $1_untrusted_content_tmp_t, { file dir })
',`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.5.6/policy/modules/apps/thunderbird.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.5.7/policy/modules/apps/thunderbird.te
--- nsaserefpolicy/policy/modules/apps/thunderbird.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/thunderbird.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/thunderbird.te 2008-09-08 10:19:44.000000000 -0400
@@ -8,3 +8,7 @@
type thunderbird_exec_t;
@@ -5612,9 +5612,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+type user_thunderbird_home_t alias user_thunderbird_rw_t;
+userdom_user_home_content(user, user_thunderbird_home_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.5.6/policy/modules/apps/tvtime.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.5.7/policy/modules/apps/tvtime.if
--- nsaserefpolicy/policy/modules/apps/tvtime.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/tvtime.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/tvtime.if 2008-09-08 10:19:44.000000000 -0400
@@ -35,6 +35,7 @@
template(`tvtime_per_role_template',`
gen_require(`
@@ -5682,9 +5682,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Allow the user domain to signal/ps.
ps_process_pattern($2,$1_tvtime_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.5.6/policy/modules/apps/tvtime.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.5.7/policy/modules/apps/tvtime.te
--- nsaserefpolicy/policy/modules/apps/tvtime.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/tvtime.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/tvtime.te 2008-09-08 10:19:44.000000000 -0400
@@ -11,3 +11,9 @@
type tvtime_dir_t;
@@ -5695,9 +5695,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+type user_tvtime_tmp_t;
+files_tmp_file(user_tvtime_tmp_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.5.6/policy/modules/apps/uml.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.5.7/policy/modules/apps/uml.fc
--- nsaserefpolicy/policy/modules/apps/uml.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/uml.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/uml.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,7 +1,7 @@
#
# HOME_DIR/
@@ -5707,9 +5707,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.5.6/policy/modules/apps/vmware.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.5.7/policy/modules/apps/vmware.fc
--- nsaserefpolicy/policy/modules/apps/vmware.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/vmware.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/vmware.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,9 +1,9 @@
#
# HOME_DIR/
@@ -5768,9 +5768,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
+/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.5.6/policy/modules/apps/vmware.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.5.7/policy/modules/apps/vmware.if
--- nsaserefpolicy/policy/modules/apps/vmware.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/vmware.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/vmware.if 2008-09-08 10:19:44.000000000 -0400
@@ -47,11 +47,8 @@
domain_entry_file($1_vmware_t, vmware_exec_t)
role $3 types $1_vmware_t;
@@ -5800,9 +5800,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1_vmware_t $1_vmware_tmp_t:file execute;
manage_dirs_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.5.6/policy/modules/apps/vmware.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.5.7/policy/modules/apps/vmware.te
--- nsaserefpolicy/policy/modules/apps/vmware.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/vmware.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/vmware.te 2008-09-08 10:19:44.000000000 -0400
@@ -10,14 +10,14 @@
type vmware_exec_t;
corecmd_executable_file(vmware_exec_t)
@@ -5873,9 +5873,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.5.6/policy/modules/apps/wine.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.5.7/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/wine.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/wine.if 2008-09-08 10:19:44.000000000 -0400
@@ -49,3 +49,53 @@
role $2 types wine_t;
allow wine_t $3:chr_file rw_term_perms;
@@ -5930,9 +5930,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_xdm_rw_shm($1_wine_t)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.5.6/policy/modules/apps/wine.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.5.7/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/wine.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/wine.te 2008-09-08 10:19:44.000000000 -0400
@@ -9,6 +9,7 @@
type wine_t;
type wine_exec_t;
@@ -5959,9 +5959,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_xdm_rw_shm(wine_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wireshark.if serefpolicy-3.5.6/policy/modules/apps/wireshark.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wireshark.if serefpolicy-3.5.7/policy/modules/apps/wireshark.if
--- nsaserefpolicy/policy/modules/apps/wireshark.if 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/apps/wireshark.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/apps/wireshark.if 2008-09-08 10:19:44.000000000 -0400
@@ -134,7 +134,7 @@
sysnet_read_config($1_wireshark_t)
@@ -5971,9 +5971,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_wireshark_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.6/policy/modules/kernel/corecommands.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.7/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/corecommands.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/corecommands.fc 2008-09-08 10:19:44.000000000 -0400
@@ -129,6 +129,8 @@
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -6010,9 +6010,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
+/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.5.6/policy/modules/kernel/corecommands.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.5.7/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/corecommands.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/corecommands.if 2008-09-08 10:19:44.000000000 -0400
@@ -894,6 +894,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -6021,9 +6021,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.6/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-09-03 11:05:02.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/corenetwork.te.in 2008-09-03 15:55:22.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.7/policy/modules/kernel/corenetwork.te.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-09-05 10:28:20.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/corenetwork.te.in 2008-09-08 10:19:44.000000000 -0400
@@ -75,6 +75,7 @@
network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
@@ -6081,7 +6081,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
network_port(spamd, tcp,783,s0)
network_port(ssh, tcp,22,s0)
network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
-@@ -167,12 +175,17 @@
+@@ -167,14 +175,18 @@
network_port(syslogd, udp,514,s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
@@ -6094,15 +6094,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
+
network_port(vnc, tcp,5900,s0)
+-network_port(wccp, udp,2048,s0)
+# Reserve 100 ports for vnc/virt machines
+portcon tcp 5901-5999 gen_context(system_u:object_r:vnc_port_t,s0)
-+network_port(whois, tcp,43,s0, udp,43,s0)
- network_port(wccp, udp,2048,s0)
+ network_port(whois, tcp,43,s0, udp,43,s0)
++network_port(wccp, udp,2048,s0)
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.5.6/policy/modules/kernel/devices.fc
+ network_port(xfs, tcp,7100,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.5.7/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/devices.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/devices.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,7 +1,7 @@
/dev -d gen_context(system_u:object_r:device_t,s0)
@@ -6222,9 +6224,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/pts(/.*)? <<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.5.6/policy/modules/kernel/devices.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.5.7/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/devices.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/devices.if 2008-09-08 10:19:44.000000000 -0400
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1, device_t, device_node)
@@ -6692,9 +6694,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ rw_chr_files_pattern($1, device_t, qemu_device_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.5.6/policy/modules/kernel/devices.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.5.7/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/devices.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/devices.te 2008-09-08 10:19:44.000000000 -0400
@@ -32,6 +32,12 @@
type apm_bios_t;
dev_node(apm_bios_t)
@@ -6760,9 +6762,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Type for /dev/pmu
#
type power_device_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.5.6/policy/modules/kernel/domain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.5.7/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/domain.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/domain.if 2008-09-08 10:19:44.000000000 -0400
@@ -1247,18 +1247,34 @@
## </summary>
## </param>
@@ -6801,9 +6803,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Allow specified type to receive labeled
## networking packets from all domains, over
## all protocols (TCP, UDP, etc)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.5.6/policy/modules/kernel/domain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.5.7/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/domain.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/domain.te 2008-09-08 10:19:44.000000000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -6884,9 +6886,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+# broken kernel
+dontaudit can_change_object_identity can_change_object_identity:key link;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.5.6/policy/modules/kernel/files.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.5.7/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/files.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/files.fc 2008-09-08 10:19:44.000000000 -0400
@@ -32,6 +32,7 @@
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/boot/lost\+found/.* <<none>>
@@ -6895,9 +6897,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /emul
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.6/policy/modules/kernel/files.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.7/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/files.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/files.if 2008-09-08 10:19:44.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -7135,7 +7137,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
')
-@@ -4787,3 +4954,53 @@
+@@ -4787,3 +4954,71 @@
typeattribute $1 files_unconfined_type;
')
@@ -7189,9 +7191,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ filetrans_pattern($1, root_t, default_t, dir)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.5.6/policy/modules/kernel/files.te
++########################################
++## <summary>
++## manage generic symbolic links
++## in the /var/run directory.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`files_manage_generic_pids_symlinks',`
++ gen_require(`
++ type var_run_t;
++ ')
++
++ manage_lnk_files_pattern($1,var_run_t,var_run_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.5.7/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/files.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/files.te 2008-09-08 10:19:44.000000000 -0400
@@ -52,11 +52,14 @@
#
# etc_t is the type of the system etc directories.
@@ -7228,9 +7248,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.6/policy/modules/kernel/filesystem.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.5.7/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/filesystem.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/filesystem.if 2008-09-08 10:19:44.000000000 -0400
@@ -535,6 +535,24 @@
########################################
@@ -7663,9 +7683,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ dontaudit $1 fusefs_t:file manage_file_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.5.6/policy/modules/kernel/filesystem.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.5.7/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/filesystem.te 2008-09-04 09:20:07.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/filesystem.te 2008-09-08 10:19:44.000000000 -0400
@@ -21,7 +21,6 @@
# Use xattrs for the following filesystem types.
@@ -7694,9 +7714,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.5.6/policy/modules/kernel/kernel.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.5.7/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/kernel.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/kernel.if 2008-09-08 10:19:44.000000000 -0400
@@ -1198,6 +1198,7 @@
')
@@ -7738,9 +7758,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Unconfined access to kernel module resources.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.5.6/policy/modules/kernel/kernel.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.5.7/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/kernel.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/kernel.te 2008-09-08 10:19:44.000000000 -0400
@@ -63,6 +63,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -7774,9 +7794,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`read_default_t',`
files_list_default(kernel_t)
files_read_default_files(kernel_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.5.6/policy/modules/kernel/selinux.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.5.7/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/selinux.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/selinux.if 2008-09-08 10:19:44.000000000 -0400
@@ -164,6 +164,7 @@
type security_t;
')
@@ -7895,9 +7915,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_type($1)
+ mls_trusted_object($1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.5.6/policy/modules/kernel/selinux.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.5.7/policy/modules/kernel/selinux.te
--- nsaserefpolicy/policy/modules/kernel/selinux.te 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/kernel/selinux.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/kernel/selinux.te 2008-09-08 10:19:44.000000000 -0400
@@ -10,6 +10,7 @@
attribute can_setenforce;
attribute can_setsecparam;
@@ -7918,14 +7938,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.6/policy/modules/roles/guest.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.7/policy/modules/roles/guest.fc
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/guest.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/guest.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.6/policy/modules/roles/guest.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.5.7/policy/modules/roles/guest.if
--- nsaserefpolicy/policy/modules/roles/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/guest.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/guest.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,161 @@
+## <summary>Least privledge terminal user role</summary>
+
@@ -8088,9 +8108,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, { guest_home_dir_t guest_home_t }, guest_home_t)
+ read_lnk_files_pattern($1, { guest_home_dir_t guest_home_t }, guest_home_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.5.6/policy/modules/roles/guest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.5.7/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/guest.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/guest.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,44 @@
+
+policy_module(guest, 1.0.0)
@@ -8136,14 +8156,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ domtrans_pattern(xguest_mozilla_t, openoffice_exec_t, xguest_openoffice_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.5.6/policy/modules/roles/logadm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.5.7/policy/modules/roles/logadm.fc
--- nsaserefpolicy/policy/modules/roles/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/logadm.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/logadm.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.5.6/policy/modules/roles/logadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.5.7/policy/modules/roles/logadm.if
--- nsaserefpolicy/policy/modules/roles/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/logadm.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/logadm.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,44 @@
+## <summary>Audit administrator role</summary>
+
@@ -8189,9 +8209,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+template(`logadm_role_change_to_template',`
+ userdom_role_change_template(logadm, $1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.5.6/policy/modules/roles/logadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.5.7/policy/modules/roles/logadm.te
--- nsaserefpolicy/policy/modules/roles/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/logadm.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/logadm.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,20 @@
+
+policy_module(logadm, 1.0.0)
@@ -8213,9 +8233,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.6/policy/modules/roles/staff.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.7/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/roles/staff.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/staff.te 2008-09-08 10:19:44.000000000 -0400
@@ -8,23 +8,52 @@
role staff_r;
@@ -8270,9 +8290,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ webadm_role_change_template(staff)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.6/policy/modules/roles/sysadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.7/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/roles/sysadm.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/sysadm.if 2008-09-08 10:19:44.000000000 -0400
@@ -334,10 +334,10 @@
#
interface(`sysadm_getattr_home_dirs',`
@@ -8432,9 +8452,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
## <summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.6/policy/modules/roles/unprivuser.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.7/policy/modules/roles/sysadm.te
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/sysadm.te 2008-09-08 11:37:16.000000000 -0400
+@@ -171,6 +171,10 @@
+ ')
+
+ optional_policy(`
++ kerberos_exec_kadmind(sysadm_t)
++')
++
++optional_policy(`
+ kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
+ ')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.7/policy/modules/roles/unprivuser.if
--- nsaserefpolicy/policy/modules/roles/unprivuser.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/roles/unprivuser.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/unprivuser.if 2008-09-08 10:19:44.000000000 -0400
@@ -62,6 +62,26 @@
files_home_filetrans($1, user_home_dir_t, dir)
')
@@ -9078,9 +9112,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.5.6/policy/modules/roles/unprivuser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.5.7/policy/modules/roles/unprivuser.te
--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/roles/unprivuser.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/unprivuser.te 2008-09-08 10:19:44.000000000 -0400
@@ -13,3 +13,23 @@
userdom_unpriv_user_template(user)
@@ -9105,14 +9139,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ setroubleshoot_dontaudit_stream_connect(user_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.5.6/policy/modules/roles/webadm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.5.7/policy/modules/roles/webadm.fc
--- nsaserefpolicy/policy/modules/roles/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/webadm.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/webadm.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1 @@
+# No webadm file contexts.
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.5.6/policy/modules/roles/webadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.5.7/policy/modules/roles/webadm.if
--- nsaserefpolicy/policy/modules/roles/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/webadm.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/webadm.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,44 @@
+## <summary>Policy for webadm role</summary>
+
@@ -9158,9 +9192,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+template(`webadm_role_change_to_template',`
+ userdom_role_change_template(webadm, $1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.5.6/policy/modules/roles/webadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.5.7/policy/modules/roles/webadm.te
--- nsaserefpolicy/policy/modules/roles/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/webadm.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/webadm.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(webadm, 1.0.0)
@@ -9227,14 +9261,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ unprivuser_write_tmp_files(webadm_t)
+')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.5.6/policy/modules/roles/xguest.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.5.7/policy/modules/roles/xguest.fc
--- nsaserefpolicy/policy/modules/roles/xguest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/xguest.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/xguest.fc 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.5.6/policy/modules/roles/xguest.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.5.7/policy/modules/roles/xguest.if
--- nsaserefpolicy/policy/modules/roles/xguest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/xguest.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/xguest.if 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,161 @@
+## <summary>Least privledge X Windows user role</summary>
+
@@ -9397,9 +9431,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, { xguest_home_dir_t xguest_home_t }, xguest_home_t)
+ read_lnk_files_pattern($1, { xguest_home_dir_t xguest_home_t }, xguest_home_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.5.6/policy/modules/roles/xguest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.5.7/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/roles/xguest.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/roles/xguest.te 2008-09-08 10:19:44.000000000 -0400
@@ -0,0 +1,83 @@
+
+policy_module(xguest, 1.0.0)
@@ -9484,9 +9518,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.5.6/policy/modules/services/aide.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.5.7/policy/modules/services/aide.if
--- nsaserefpolicy/policy/modules/services/aide.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/aide.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/aide.if 2008-09-08 10:19:44.000000000 -0400
@@ -70,9 +70,11 @@
allow $1 aide_t:process { ptrace signal_perms };
ps_process_pattern($1, aide_t)
@@ -9501,11 +9535,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, aide_log_t, aide_log_t)
+ admin_pattern($1, aide_log_t, aide_log_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.fc serefpolicy-3.5.6/policy/modules/services/amavis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.fc serefpolicy-3.5.7/policy/modules/services/amavis.fc
--- nsaserefpolicy/policy/modules/services/amavis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/amavis.fc 2008-09-03 15:55:22.000000000 -0400
-@@ -3,6 +3,7 @@
- /etc/amavisd(/.*)? -- gen_context(system_u:object_r:amavis_etc_t,s0)
++++ serefpolicy-3.5.7/policy/modules/services/amavis.fc 2008-09-08 16:03:15.000000000 -0400
+@@ -1,8 +1,9 @@
+
+ /etc/amavis\.conf -- gen_context(system_u:object_r:amavis_etc_t,s0)
+-/etc/amavisd(/.*)? -- gen_context(system_u:object_r:amavis_etc_t,s0)
++/etc/amavisd(/.*)? gen_context(system_u:object_r:amavis_etc_t,s0)
/usr/sbin/amavisd.* -- gen_context(system_u:object_r:amavis_exec_t,s0)
+/usr/lib(64)?/AntiVir/antivir -- gen_context(system_u:object_r:amavis_exec_t,s0)
@@ -9518,9 +9555,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/virusmails(/.*)? gen_context(system_u:object_r:amavis_quarantine_t,s0)
+
+/etc/rc\.d/init\.d/amavis -- gen_context(system_u:object_r:amavis_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.5.6/policy/modules/services/amavis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.5.7/policy/modules/services/amavis.if
--- nsaserefpolicy/policy/modules/services/amavis.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/amavis.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/amavis.if 2008-09-08 10:19:44.000000000 -0400
@@ -189,6 +189,25 @@
########################################
@@ -9590,9 +9627,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, amavis_var_run_t, amavis_var_run_t)
+ admin_pattern($1, amavis_var_run_t, amavis_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.5.6/policy/modules/services/amavis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.5.7/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/amavis.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/amavis.te 2008-09-08 10:19:44.000000000 -0400
@@ -13,7 +13,7 @@
# configuration files
@@ -9621,9 +9658,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# configuration files
allow amavis_t amavis_etc_t:dir list_dir_perms;
read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.6/policy/modules/services/apache.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.7/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apache.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apache.fc 2008-09-08 10:19:44.000000000 -0400
@@ -1,10 +1,10 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -9712,9 +9749,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+
+/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.5.6/policy/modules/services/apache.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.5.7/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apache.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apache.if 2008-09-08 10:19:44.000000000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -10383,9 +10420,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+ typeattribute $1 httpd_rw_content;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.6/policy/modules/services/apache.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.7/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apache.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apache.te 2008-09-08 10:19:44.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@@ -10583,8 +10620,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+## </desc>
+gen_tunable(allow_httpd_mod_auth_pam, false)
+
- tunable_policy(`allow_httpd_mod_auth_pam',`
-- auth_domtrans_chk_passwd(httpd_t)
++tunable_policy(`allow_httpd_mod_auth_pam',`
+ auth_domtrans_chkpwd(httpd_t)
+')
+
@@ -10595,12 +10631,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+## </desc>
+gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false)
+optional_policy(`
-+tunable_policy(`allow_httpd_mod_auth_pam',`
+ tunable_policy(`allow_httpd_mod_auth_pam',`
+- auth_domtrans_chk_passwd(httpd_t)
+ samba_domtrans_winbind_helper(httpd_t)
')
')
-@@ -370,35 +437,57 @@
+@@ -370,20 +437,45 @@
corenet_tcp_connect_all_ports(httpd_t)
')
@@ -10627,30 +10664,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_sendrecv_http_cache_client_packets(httpd_t)
')
--tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
-- domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
+tunable_policy(`httpd_enable_cgi && httpd_unified',`
+ allow httpd_sys_script_t httpd_sys_content_t:file entrypoint;
+ filetrans_pattern(httpd_sys_script_t, httpd_sys_content_t, httpd_sys_content_rw_t, { file dir lnk_file })
+ can_exec(httpd_sys_script_t, httpd_sys_content_t)
+')
-
-- manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
-- manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
-- manage_lnk_files_pattern(httpd_t, httpdcontent, httpdcontent)
++
+tunable_policy(`allow_httpd_sys_script_anon_write',`
+ miscfiles_manage_public_files(httpd_sys_script_t)
+')
+
-+tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
+ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
+- domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
+ domtrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_script_t)
+ filetrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_rw_t, { file dir lnk_file })
+ manage_dirs_pattern(httpd_t, httpdcontent, httpd_sys_content_rw_t)
+ manage_files_pattern(httpd_t, httpdcontent, httpd_sys_content_rw_t)
+ manage_lnk_files_pattern(httpd_t, httpdcontent, httpd_sys_content_rw_t)
- ')
- tunable_policy(`httpd_enable_ftp_server',`
+ manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
+ manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
+@@ -394,11 +486,12 @@
corenet_tcp_bind_ftp_port(httpd_t)
')
@@ -10666,7 +10700,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
')
-@@ -408,6 +497,11 @@
+@@ -408,6 +501,11 @@
fs_read_cifs_symlinks(httpd_t)
')
@@ -10678,7 +10712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`httpd_ssi_exec',`
corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
allow httpd_sys_script_t httpd_t:fd use;
-@@ -441,8 +535,13 @@
+@@ -441,8 +539,13 @@
')
optional_policy(`
@@ -10694,7 +10728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -454,18 +553,13 @@
+@@ -454,18 +557,13 @@
')
optional_policy(`
@@ -10714,7 +10748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -475,6 +569,12 @@
+@@ -475,6 +573,12 @@
openca_kill(httpd_t)
')
@@ -10727,7 +10761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
-@@ -482,6 +582,7 @@
+@@ -482,6 +586,7 @@
tunable_policy(`httpd_can_network_connect_db',`
postgresql_tcp_connect(httpd_t)
@@ -10735,7 +10769,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
')
-@@ -490,6 +591,7 @@
+@@ -490,6 +595,7 @@
')
optional_policy(`
@@ -10743,7 +10777,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -519,9 +621,28 @@
+@@ -519,9 +625,28 @@
logging_send_syslog_msg(httpd_helper_t)
tunable_policy(`httpd_tty_comm',`
@@ -10772,7 +10806,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Apache PHP script local policy
-@@ -551,22 +672,27 @@
+@@ -551,22 +676,27 @@
fs_search_auto_mountpoints(httpd_php_t)
@@ -10806,7 +10840,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -590,6 +716,8 @@
+@@ -590,6 +720,8 @@
manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
@@ -10815,7 +10849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -598,9 +726,7 @@
+@@ -598,9 +730,7 @@
fs_search_auto_mountpoints(httpd_suexec_t)
@@ -10826,7 +10860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -633,12 +759,21 @@
+@@ -633,12 +763,25 @@
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -10842,6 +10876,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ domtrans_pattern(httpd_suexec_t, httpd_user_script_ro_t, httpd_user_script_t)
+ domtrans_pattern(httpd_suexec_t, httpd_user_script_ra_t, httpd_user_script_t)
+ domtrans_pattern(httpd_suexec_t, httpd_user_script_rw_t, httpd_user_script_t)
++
++ manage_dirs_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
++ manage_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
++ manage_lnk_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
')
-
-tunable_policy(`httpd_enable_homedirs',`
@@ -10851,7 +10889,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -647,6 +782,12 @@
+@@ -647,6 +790,12 @@
fs_exec_nfs_files(httpd_suexec_t)
')
@@ -10864,7 +10902,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_suexec_t)
fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -664,10 +805,6 @@
+@@ -664,10 +813,6 @@
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -10875,7 +10913,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Apache system script local policy
-@@ -677,7 +814,8 @@
+@@ -677,7 +822,8 @@
dontaudit httpd_sys_script_t httpd_config_t:dir search;
@@ -10885,7 +10923,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
-@@ -691,12 +829,15 @@
+@@ -691,12 +837,15 @@
# Should we add a boolean?
apache_domtrans_rotatelogs(httpd_sys_script_t)
@@ -10903,7 +10941,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -704,6 +845,28 @@
+@@ -704,6 +853,28 @@
fs_read_nfs_symlinks(httpd_sys_script_t)
')
@@ -10932,7 +10970,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -716,10 +879,10 @@
+@@ -716,10 +887,10 @@
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -10947,7 +10985,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -727,6 +890,8 @@
+@@ -727,6 +898,8 @@
# httpd_rotatelogs local policy
#
@@ -10956,7 +10994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-@@ -741,3 +906,56 @@
+@@ -741,3 +914,56 @@
logging_search_logs(httpd_rotatelogs_t)
miscfiles_read_localization(httpd_rotatelogs_t)
@@ -11013,18 +11051,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_dirs_pattern(httpd_t,httpdcontent,httpd_rw_content)
+manage_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
+manage_lnk_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.5.6/policy/modules/services/apcupsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.5.7/policy/modules/services/apcupsd.fc
--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apcupsd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apcupsd.fc 2008-09-08 10:19:44.000000000 -0400
@@ -13,3 +13,5 @@
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
+
+/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.5.6/policy/modules/services/apcupsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.5.7/policy/modules/services/apcupsd.if
--- nsaserefpolicy/policy/modules/services/apcupsd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apcupsd.if 2008-09-04 16:00:46.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apcupsd.if 2008-09-08 10:19:44.000000000 -0400
@@ -90,10 +90,81 @@
## </summary>
## </param>
@@ -11108,9 +11146,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, apcupsd_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.5.6/policy/modules/services/apcupsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.5.7/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/apcupsd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/apcupsd.te 2008-09-08 10:19:44.000000000 -0400
@@ -22,6 +22,9 @@
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)
@@ -11140,18 +11178,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.5.6/policy/modules/services/arpwatch.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.5.7/policy/modules/services/arpwatch.fc
--- nsaserefpolicy/policy/modules/services/arpwatch.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/arpwatch.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/arpwatch.fc 2008-09-08 10:19:44.000000000 -0400
@@ -9,3 +9,5 @@
#
/var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)
/var/lib/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)
+
+/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.5.6/policy/modules/services/arpwatch.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.5.7/policy/modules/services/arpwatch.if
--- nsaserefpolicy/policy/modules/services/arpwatch.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/arpwatch.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/arpwatch.if 2008-09-08 10:19:44.000000000 -0400
@@ -90,3 +90,73 @@
dontaudit $1 arpwatch_t:packet_socket { read write };
@@ -11226,9 +11264,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, arpwatch_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.5.6/policy/modules/services/arpwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.5.7/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/arpwatch.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/arpwatch.te 2008-09-08 10:19:44.000000000 -0400
@@ -19,6 +19,9 @@
type arpwatch_var_run_t;
files_pid_file(arpwatch_var_run_t)
@@ -11239,17 +11277,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.5.6/policy/modules/services/asterisk.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.5.7/policy/modules/services/asterisk.fc
--- nsaserefpolicy/policy/modules/services/asterisk.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/asterisk.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/asterisk.fc 2008-09-08 10:19:44.000000000 -0400
@@ -6,3 +6,4 @@
/var/log/asterisk(/.*)? gen_context(system_u:object_r:asterisk_log_t,s0)
/var/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0)
/var/spool/asterisk(/.*)? gen_context(system_u:object_r:asterisk_spool_t,s0)
+/etc/rc\.d/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.5.6/policy/modules/services/asterisk.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.5.7/policy/modules/services/asterisk.if
--- nsaserefpolicy/policy/modules/services/asterisk.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/asterisk.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/asterisk.if 2008-09-08 10:19:44.000000000 -0400
@@ -1 +1,83 @@
## <summary>Asterisk IP telephony server</summary>
+
@@ -11334,9 +11372,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, asterisk_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.5.6/policy/modules/services/asterisk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.5.7/policy/modules/services/asterisk.te
--- nsaserefpolicy/policy/modules/services/asterisk.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/asterisk.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/asterisk.te 2008-09-08 10:19:44.000000000 -0400
@@ -31,6 +31,9 @@
type asterisk_var_run_t;
files_pid_file(asterisk_var_run_t)
@@ -11347,18 +11385,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.fc serefpolicy-3.5.6/policy/modules/services/audioentropy.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.fc serefpolicy-3.5.7/policy/modules/services/audioentropy.fc
--- nsaserefpolicy/policy/modules/services/audioentropy.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/audioentropy.fc 2008-09-04 08:51:02.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/audioentropy.fc 2008-09-08 10:19:44.000000000 -0400
@@ -2,3 +2,5 @@
# /usr
#
/usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0)
+
+/var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-3.5.6/policy/modules/services/audioentropy.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-3.5.7/policy/modules/services/audioentropy.te
--- nsaserefpolicy/policy/modules/services/audioentropy.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/audioentropy.te 2008-09-04 08:51:20.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/audioentropy.te 2008-09-08 10:19:44.000000000 -0400
@@ -35,6 +35,7 @@
dev_read_rand(entropyd_t)
dev_write_rand(entropyd_t)
@@ -11367,9 +11405,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.5.6/policy/modules/services/automount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.5.7/policy/modules/services/automount.fc
--- nsaserefpolicy/policy/modules/services/automount.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/automount.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/automount.fc 2008-09-08 10:19:44.000000000 -0400
@@ -12,4 +12,7 @@
# /var
#
@@ -11379,9 +11417,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.5.6/policy/modules/services/automount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.5.7/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/automount.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/automount.if 2008-09-08 10:19:44.000000000 -0400
@@ -74,3 +74,109 @@
dontaudit $1 automount_tmp_t:dir getattr;
@@ -11492,9 +11530,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, automount_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.5.6/policy/modules/services/automount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.5.7/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/automount.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/automount.te 2008-09-08 10:19:44.000000000 -0400
@@ -20,6 +20,9 @@
files_tmp_file(automount_tmp_t)
files_mountpoint(automount_tmp_t)
@@ -11588,9 +11626,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.5.6/policy/modules/services/avahi.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.5.7/policy/modules/services/avahi.fc
--- nsaserefpolicy/policy/modules/services/avahi.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/avahi.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/avahi.fc 2008-09-08 10:19:44.000000000 -0400
@@ -3,3 +3,7 @@
/usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0)
@@ -11599,9 +11637,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/avahi -- gen_context(system_u:object_r:avahi_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.5.6/policy/modules/services/avahi.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.5.7/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/avahi.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/avahi.if 2008-09-08 10:19:44.000000000 -0400
@@ -57,3 +57,64 @@
dontaudit $1 avahi_var_run_t:dir search_dir_perms;
@@ -11667,9 +11705,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, avahi_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.5.6/policy/modules/services/avahi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.5.7/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/avahi.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/avahi.te 2008-09-08 10:19:44.000000000 -0400
@@ -13,6 +13,9 @@
type avahi_var_run_t;
files_pid_file(avahi_var_run_t)
@@ -11697,18 +11735,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.5.6/policy/modules/services/bind.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.5.7/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2008-09-03 10:17:00.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bind.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bind.fc 2008-09-08 10:19:44.000000000 -0400
@@ -51,3 +51,5 @@
/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
')
+
+/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.5.6/policy/modules/services/bind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.5.7/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bind.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bind.if 2008-09-08 10:19:44.000000000 -0400
@@ -254,3 +254,86 @@
interface(`bind_udp_chat_named',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -11796,9 +11834,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, named_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.6/policy/modules/services/bind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.7/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2008-09-03 10:17:00.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bind.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bind.te 2008-09-08 10:19:45.000000000 -0400
@@ -53,6 +53,9 @@
init_system_domain(ndc_t, ndc_exec_t)
role system_r types ndc_t;
@@ -11826,9 +11864,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_sendrecv_rndc_client_packets(ndc_t)
domain_use_interactive_fds(ndc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.fc serefpolicy-3.5.6/policy/modules/services/bitlbee.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.fc serefpolicy-3.5.7/policy/modules/services/bitlbee.fc
--- nsaserefpolicy/policy/modules/services/bitlbee.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bitlbee.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bitlbee.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,3 +1,6 @@
/usr/sbin/bitlbee -- gen_context(system_u:object_r:bitlbee_exec_t,s0)
/etc/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_conf_t,s0)
@@ -11836,9 +11874,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+/etc/rc\.d/init\.d/bitlbee -- gen_context(system_u:object_r:bitlbee_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.5.6/policy/modules/services/bitlbee.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.5.7/policy/modules/services/bitlbee.if
--- nsaserefpolicy/policy/modules/services/bitlbee.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bitlbee.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bitlbee.if 2008-09-08 10:19:45.000000000 -0400
@@ -20,3 +20,70 @@
allow $1 bitlbee_conf_t:file { read getattr };
')
@@ -11910,9 +11948,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.6/policy/modules/services/bitlbee.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.7/policy/modules/services/bitlbee.te
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bitlbee.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bitlbee.te 2008-09-08 10:19:45.000000000 -0400
@@ -17,6 +17,12 @@
type bitlbee_var_t;
files_type(bitlbee_var_t)
@@ -11964,9 +12002,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysnet_dns_name_resolve(bitlbee_t)
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.6/policy/modules/services/bluetooth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.7/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bluetooth.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bluetooth.fc 2008-09-08 10:19:45.000000000 -0400
@@ -22,3 +22,8 @@
#
/var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
@@ -11976,9 +12014,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/bluetooth -- gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
+/etc/rc\.d/init\.d/dund -- gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
+/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.5.6/policy/modules/services/bluetooth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.5.7/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bluetooth.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bluetooth.if 2008-09-08 10:19:45.000000000 -0400
@@ -226,3 +226,88 @@
dontaudit $1 bluetooth_helper_domain:dir search;
dontaudit $1 bluetooth_helper_domain:file { read getattr };
@@ -12068,9 +12106,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, bluetooth_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.5.6/policy/modules/services/bluetooth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.5.7/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/bluetooth.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/bluetooth.te 2008-09-08 10:19:45.000000000 -0400
@@ -32,19 +32,22 @@
type bluetooth_var_run_t;
files_pid_file(bluetooth_var_run_t)
@@ -12143,18 +12181,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.fc serefpolicy-3.5.6/policy/modules/services/canna.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.fc serefpolicy-3.5.7/policy/modules/services/canna.fc
--- nsaserefpolicy/policy/modules/services/canna.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/canna.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/canna.fc 2008-09-08 10:19:45.000000000 -0400
@@ -20,3 +20,5 @@
/var/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0)
/var/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0)
/var/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0)
+
+/etc/rc\.d/init\.d/canna -- gen_context(system_u:object_r:canna_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.if serefpolicy-3.5.6/policy/modules/services/canna.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.if serefpolicy-3.5.7/policy/modules/services/canna.if
--- nsaserefpolicy/policy/modules/services/canna.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/canna.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/canna.if 2008-09-08 10:19:45.000000000 -0400
@@ -18,3 +18,74 @@
files_search_pids($1)
stream_connect_pattern($1, canna_var_run_t, canna_var_run_t,canna_t)
@@ -12230,9 +12268,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.5.6/policy/modules/services/canna.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.5.7/policy/modules/services/canna.te
--- nsaserefpolicy/policy/modules/services/canna.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/canna.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/canna.te 2008-09-08 10:19:45.000000000 -0400
@@ -19,6 +19,9 @@
type canna_var_run_t;
files_pid_file(canna_var_run_t)
@@ -12243,9 +12281,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.5.6/policy/modules/services/clamav.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.5.7/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/clamav.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/clamav.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,16 +5,18 @@
/usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0)
@@ -12270,9 +12308,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.5.6/policy/modules/services/clamav.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.5.7/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/clamav.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/clamav.if 2008-09-08 10:19:45.000000000 -0400
@@ -38,6 +38,27 @@
########################################
@@ -12418,9 +12456,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, freshclam_var_log_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.6/policy/modules/services/clamav.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.7/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/clamav.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/clamav.te 2008-09-08 10:19:45.000000000 -0400
@@ -13,7 +13,7 @@
# configuration files
@@ -12517,9 +12555,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ mailscanner_manage_spool(clamscan_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.5.6/policy/modules/services/consolekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.5.7/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/consolekit.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/consolekit.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,3 +1,6 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -12527,9 +12565,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/ConsoleKit(/.*)? -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
+
+/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.5.6/policy/modules/services/consolekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.5.7/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/consolekit.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/consolekit.if 2008-09-08 10:19:45.000000000 -0400
@@ -38,3 +38,24 @@
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
@@ -12555,9 +12593,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.5.6/policy/modules/services/consolekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.5.7/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/consolekit.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/consolekit.te 2008-09-08 10:19:45.000000000 -0400
@@ -13,6 +13,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -12672,17 +12710,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_dontaudit_rw_cifs_files(consolekit_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.5.6/policy/modules/services/courier.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.5.7/policy/modules/services/courier.fc
--- nsaserefpolicy/policy/modules/services/courier.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/courier.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/courier.fc 2008-09-08 10:19:45.000000000 -0400
@@ -21,3 +21,4 @@
/var/run/courier(/.*)? -- gen_context(system_u:object_r:courier_var_run_t,s0)
/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
+/var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.5.6/policy/modules/services/courier.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.5.7/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/courier.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/courier.te 2008-09-08 10:19:45.000000000 -0400
@@ -28,6 +28,7 @@
type courier_exec_t;
@@ -12701,9 +12739,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Calendar (PCP) local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.5.6/policy/modules/services/cron.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.5.7/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cron.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cron.fc 2008-09-08 10:19:45.000000000 -0400
@@ -17,6 +17,8 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -12718,9 +12756,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.6/policy/modules/services/cron.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.7/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cron.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cron.if 2008-09-08 10:19:45.000000000 -0400
@@ -35,39 +35,24 @@
#
template(`cron_per_role_template',`
@@ -13088,9 +13126,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ read_files_pattern($1, system_crond_var_lib_t, system_crond_var_lib_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.5.6/policy/modules/services/cron.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.5.7/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cron.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cron.te 2008-09-08 10:19:45.000000000 -0400
@@ -12,14 +12,6 @@
## <desc>
@@ -13361,9 +13399,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_priveleged_home_dir_manager(system_crond_t)
')
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.6/policy/modules/services/cups.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.7/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cups.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cups.fc 2008-09-08 11:56:29.000000000 -0400
@@ -8,6 +8,7 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -13406,7 +13444,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -43,10 +49,21 @@
+@@ -43,10 +49,22 @@
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -13414,6 +13452,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/turboprint.* gen_context(system_u:object_r:cupsd_log_t,s0)
/var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
++/var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
/var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
@@ -13429,9 +13468,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
+
+/etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cups_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.5.6/policy/modules/services/cups.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.5.7/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cups.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cups.if 2008-09-08 10:19:45.000000000 -0400
@@ -20,6 +20,30 @@
########################################
@@ -13589,9 +13628,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, hplip_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.6/policy/modules/services/cups.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.7/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cups.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cups.te 2008-09-08 11:56:12.000000000 -0400
@@ -48,6 +48,10 @@
type hplip_t;
type hplip_exec_t;
@@ -13650,7 +13689,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow cupsd_t cupsd_exec_t:lnk_file read;
manage_files_pattern(cupsd_t, cupsd_log_t, cupsd_log_t)
-@@ -116,13 +134,19 @@
+@@ -116,13 +134,20 @@
manage_fifo_files_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
@@ -13664,6 +13703,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow cupsd_t cupsd_var_run_t:dir setattr;
manage_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
manage_sock_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
++manage_fifo_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
files_pid_filetrans(cupsd_t, cupsd_var_run_t, file)
-read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
@@ -13672,7 +13712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow cupsd_t hplip_var_run_t:file { read getattr };
stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
-@@ -149,32 +173,35 @@
+@@ -149,32 +174,35 @@
corenet_tcp_bind_reserved_port(cupsd_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
corenet_tcp_connect_all_ports(cupsd_t)
@@ -13712,7 +13752,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
corecmd_exec_shell(cupsd_t)
corecmd_exec_bin(cupsd_t)
-@@ -186,7 +213,7 @@
+@@ -186,7 +214,7 @@
# read python modules
files_read_usr_files(cupsd_t)
# for /var/lib/defoma
@@ -13721,7 +13761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t)
-@@ -195,15 +222,16 @@
+@@ -195,15 +223,16 @@
files_read_var_symlinks(cupsd_t)
# for /etc/printcap
files_dontaudit_write_etc_files(cupsd_t)
@@ -13742,7 +13782,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(cupsd_t)
libs_use_ld_so(cupsd_t)
-@@ -219,17 +247,22 @@
+@@ -219,17 +248,22 @@
miscfiles_read_fonts(cupsd_t)
seutil_read_config(cupsd_t)
@@ -13767,7 +13807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -246,8 +279,16 @@
+@@ -246,8 +280,16 @@
userdom_dbus_send_all_users(cupsd_t)
optional_policy(`
@@ -13784,7 +13824,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -263,6 +304,10 @@
+@@ -263,6 +305,10 @@
')
optional_policy(`
@@ -13795,7 +13835,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# cups execs smbtool which reads samba_etc_t files
samba_read_config(cupsd_t)
samba_rw_var_files(cupsd_t)
-@@ -281,7 +326,7 @@
+@@ -281,7 +327,7 @@
# Cups configuration daemon local policy
#
@@ -13804,7 +13844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +371,7 @@
+@@ -326,6 +372,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -13812,7 +13852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -343,7 +389,7 @@
+@@ -343,7 +390,7 @@
files_read_var_symlinks(cupsd_config_t)
# Alternatives asks for this
@@ -13821,7 +13861,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(cupsd_config_t)
-@@ -353,6 +399,7 @@
+@@ -353,6 +400,7 @@
logging_send_syslog_msg(cupsd_config_t)
miscfiles_read_localization(cupsd_config_t)
@@ -13829,7 +13869,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_dontaudit_search_config(cupsd_config_t)
-@@ -365,14 +412,16 @@
+@@ -365,14 +413,16 @@
sysadm_dontaudit_search_home_dirs(cupsd_config_t)
ifdef(`distro_redhat',`
@@ -13848,7 +13888,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -388,6 +437,7 @@
+@@ -388,6 +438,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -13856,7 +13896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -500,7 +550,7 @@
+@@ -500,7 +551,7 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
@@ -13865,7 +13905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cups_stream_connect(hplip_t)
-@@ -509,6 +559,8 @@
+@@ -509,6 +560,8 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -13874,7 +13914,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
files_pid_filetrans(hplip_t, hplip_var_run_t, file)
-@@ -538,7 +590,8 @@
+@@ -538,7 +591,8 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -13884,7 +13924,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +617,14 @@
+@@ -564,12 +618,14 @@
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -13900,7 +13940,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -651,3 +706,45 @@
+@@ -651,3 +707,45 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -13946,9 +13986,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+sysadm_dontaudit_read_home_content_files(cups_pdf_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.5.6/policy/modules/services/cvs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.5.7/policy/modules/services/cvs.fc
--- nsaserefpolicy/policy/modules/services/cvs.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cvs.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cvs.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,3 +5,6 @@
/var/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
@@ -13956,9 +13996,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#CVSWeb file context
+/usr/share/cvsweb/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
+/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.5.6/policy/modules/services/cvs.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.5.7/policy/modules/services/cvs.if
--- nsaserefpolicy/policy/modules/services/cvs.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cvs.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cvs.if 2008-09-08 10:19:45.000000000 -0400
@@ -36,3 +36,70 @@
can_exec($1, cvs_exec_t)
@@ -14030,9 +14070,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, cvs_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.5.6/policy/modules/services/cvs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.5.7/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cvs.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cvs.te 2008-09-08 10:19:45.000000000 -0400
@@ -28,6 +28,9 @@
type cvs_var_run_t;
files_pid_file(cvs_var_run_t)
@@ -14087,18 +14127,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
- nscd_socket_use(cvs_t)
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.5.6/policy/modules/services/cyrus.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.5.7/policy/modules/services/cyrus.fc
--- nsaserefpolicy/policy/modules/services/cyrus.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cyrus.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cyrus.fc 2008-09-08 10:19:45.000000000 -0400
@@ -2,3 +2,5 @@
/usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0)
/var/lib/imap(/.*)? gen_context(system_u:object_r:cyrus_var_lib_t,s0)
+
+/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.5.6/policy/modules/services/cyrus.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.5.7/policy/modules/services/cyrus.if
--- nsaserefpolicy/policy/modules/services/cyrus.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cyrus.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cyrus.if 2008-09-08 10:19:45.000000000 -0400
@@ -39,3 +39,74 @@
files_search_var_lib($1)
stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
@@ -14174,9 +14214,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.5.6/policy/modules/services/cyrus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.5.7/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/cyrus.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/cyrus.te 2008-09-08 10:19:45.000000000 -0400
@@ -19,6 +19,9 @@
type cyrus_var_run_t;
files_pid_file(cyrus_var_run_t)
@@ -14196,9 +14236,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.5.6/policy/modules/services/dbus.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.5.7/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dbus.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dbus.fc 2008-09-08 10:19:45.000000000 -0400
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -14209,9 +14249,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.6/policy/modules/services/dbus.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.7/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dbus.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dbus.if 2008-09-08 10:19:45.000000000 -0400
@@ -53,6 +53,7 @@
gen_require(`
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -14507,9 +14547,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 system_dbusd_t:tcp_socket { read write };
+ allow $1 system_dbusd_t:fd use;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.5.6/policy/modules/services/dbus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.5.7/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dbus.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dbus.te 2008-09-08 10:19:45.000000000 -0400
@@ -9,9 +9,10 @@
#
# Delcarations
@@ -14631,9 +14671,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_xdm_rw_shm(unconfined_dbusd_t)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.5.6/policy/modules/services/dcc.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.5.7/policy/modules/services/dcc.if
--- nsaserefpolicy/policy/modules/services/dcc.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dcc.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dcc.if 2008-09-08 10:19:45.000000000 -0400
@@ -72,6 +72,24 @@
########################################
@@ -14659,9 +14699,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Execute dcc_client in the dcc_client domain, and
## allow the specified role the dcc_client domain.
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.6/policy/modules/services/dcc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.7/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dcc.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dcc.te 2008-09-08 10:19:45.000000000 -0400
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
@@ -14831,18 +14871,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(dccm_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.fc serefpolicy-3.5.6/policy/modules/services/ddclient.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.fc serefpolicy-3.5.7/policy/modules/services/ddclient.fc
--- nsaserefpolicy/policy/modules/services/ddclient.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ddclient.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ddclient.fc 2008-09-08 10:19:45.000000000 -0400
@@ -9,3 +9,5 @@
/var/log/ddtcd\.log.* -- gen_context(system_u:object_r:ddclient_log_t,s0)
/var/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
/var/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
+/etc/rc\.d/init\.d/ddclient -- gen_context(system_u:object_r:ddclient_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.5.6/policy/modules/services/ddclient.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.5.7/policy/modules/services/ddclient.if
--- nsaserefpolicy/policy/modules/services/ddclient.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ddclient.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ddclient.if 2008-09-08 10:19:45.000000000 -0400
@@ -18,3 +18,81 @@
corecmd_search_bin($1)
domtrans_pattern($1, ddclient_exec_t, ddclient_t)
@@ -14925,9 +14965,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, ddclient_var_run_t)
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.5.6/policy/modules/services/ddclient.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.5.7/policy/modules/services/ddclient.te
--- nsaserefpolicy/policy/modules/services/ddclient.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ddclient.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ddclient.te 2008-09-08 10:19:45.000000000 -0400
@@ -11,7 +11,7 @@
init_daemon_domain(ddclient_t, ddclient_exec_t)
@@ -14947,9 +14987,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Declarations
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.5.6/policy/modules/services/dhcp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.5.7/policy/modules/services/dhcp.fc
--- nsaserefpolicy/policy/modules/services/dhcp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dhcp.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dhcp.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,3 +5,6 @@
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
@@ -14957,9 +14997,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/dhcpd -- gen_context(system_u:object_r:dhcpd_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.5.6/policy/modules/services/dhcp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.5.7/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dhcp.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dhcp.if 2008-09-08 10:19:45.000000000 -0400
@@ -19,3 +19,71 @@
sysnet_search_dhcp_state($1)
allow $1 dhcpd_state_t:file setattr;
@@ -15032,9 +15072,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, dhcpd_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.5.6/policy/modules/services/dhcp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.5.7/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dhcp.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dhcp.te 2008-09-08 10:19:45.000000000 -0400
@@ -19,18 +19,20 @@
type dhcpd_var_run_t;
files_pid_file(dhcpd_var_run_t)
@@ -15098,9 +15138,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(dhcpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.5.6/policy/modules/services/dictd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.5.7/policy/modules/services/dictd.fc
--- nsaserefpolicy/policy/modules/services/dictd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dictd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dictd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -4,3 +4,6 @@
/usr/sbin/dictd -- gen_context(system_u:object_r:dictd_exec_t,s0)
@@ -15108,9 +15148,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/dictd -- gen_context(system_u:object_r:dictd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.if serefpolicy-3.5.6/policy/modules/services/dictd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.if serefpolicy-3.5.7/policy/modules/services/dictd.if
--- nsaserefpolicy/policy/modules/services/dictd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dictd.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dictd.if 2008-09-08 10:19:45.000000000 -0400
@@ -14,3 +14,73 @@
interface(`dictd_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -15185,9 +15225,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, dictd_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.5.6/policy/modules/services/dictd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.5.7/policy/modules/services/dictd.te
--- nsaserefpolicy/policy/modules/services/dictd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dictd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dictd.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,12 @@
type dictd_var_lib_t alias var_lib_dictd_t;
files_type(dictd_var_lib_t)
@@ -15211,9 +15251,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(dictd_t)
kernel_read_kernel_sysctls(dictd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.5.6/policy/modules/services/dnsmasq.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.5.7/policy/modules/services/dnsmasq.fc
--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dnsmasq.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dnsmasq.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,7 @@
/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
@@ -15222,9 +15262,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+
+/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.6/policy/modules/services/dnsmasq.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.7/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dnsmasq.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dnsmasq.if 2008-09-08 10:19:45.000000000 -0400
@@ -1 +1,125 @@
## <summary>dnsmasq DNS forwarder and DHCP server</summary>
+
@@ -15351,9 +15391,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, dnsmasq_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.6/policy/modules/services/dnsmasq.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.7/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dnsmasq.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dnsmasq.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,9 @@
type dnsmasq_var_run_t;
files_pid_file(dnsmasq_var_run_t)
@@ -15399,9 +15439,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ virt_manage_lib_files(dnsmasq_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.5.6/policy/modules/services/dovecot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.5.7/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dovecot.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dovecot.fc 2008-09-08 10:19:45.000000000 -0400
@@ -17,23 +17,24 @@
ifdef(`distro_debian', `
@@ -15432,9 +15472,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
+/etc/rc\.d/init\.d/dovecot -- gen_context(system_u:object_r:dovecot_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.5.6/policy/modules/services/dovecot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.5.7/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dovecot.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dovecot.if 2008-09-08 10:19:45.000000000 -0400
@@ -21,7 +21,46 @@
########################################
@@ -15573,9 +15613,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.6/policy/modules/services/dovecot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.7/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/dovecot.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/dovecot.te 2008-09-08 10:19:45.000000000 -0400
@@ -15,6 +15,12 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -15739,9 +15779,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ mta_manage_spool(dovecot_deliver_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.5.6/policy/modules/services/exim.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.5.7/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/exim.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/exim.if 2008-09-08 10:19:45.000000000 -0400
@@ -97,6 +97,26 @@
########################################
@@ -15793,9 +15833,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_dirs_pattern($1, exim_spool_t, exim_spool_t)
+ files_search_spool($1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.5.6/policy/modules/services/exim.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.5.7/policy/modules/services/exim.te
--- nsaserefpolicy/policy/modules/services/exim.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/exim.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/exim.te 2008-09-08 10:19:45.000000000 -0400
@@ -21,9 +21,20 @@
## </desc>
gen_tunable(exim_manage_user_files, false)
@@ -15969,20 +16009,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ spamassassin_exec(exim_t)
+ spamassassin_exec_client(exim_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.5.6/policy/modules/services/fail2ban.fc
---- nsaserefpolicy/policy/modules/services/fail2ban.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/fail2ban.fc 2008-09-03 15:55:22.000000000 -0400
-@@ -1,3 +1,7 @@
- /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
-+/usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
- /var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0)
- /var/run/fail2ban\.pid -- gen_context(system_u:object_r:fail2ban_var_run_t,s0)
-+/var/run/fail2ban\.sock -s gen_context(system_u:object_r:fail2ban_var_run_t,s0)
-+/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_script_exec_t,s0)
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.6/policy/modules/services/fail2ban.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.7/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/fail2ban.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/fail2ban.if 2008-09-08 10:19:45.000000000 -0400
@@ -78,3 +78,67 @@
files_search_pids($1)
allow $1 fail2ban_var_run_t:file read_file_perms;
@@ -16051,87 +16080,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, fail2ban_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.5.6/policy/modules/services/fail2ban.te
---- nsaserefpolicy/policy/modules/services/fail2ban.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/fail2ban.te 2008-09-03 15:55:22.000000000 -0400
-@@ -18,6 +18,9 @@
- type fail2ban_var_run_t;
- files_pid_file(fail2ban_var_run_t)
-
-+type fail2ban_script_exec_t;
-+init_script_file(fail2ban_script_exec_t)
-+
- ########################################
- #
- # fail2ban local policy
-@@ -25,7 +28,8 @@
-
- allow fail2ban_t self:process signal;
- allow fail2ban_t self:fifo_file rw_fifo_file_perms;
--allow fail2ban_t self:unix_stream_socket create_stream_socket_perms;
-+allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
-+allow fail2ban_t self:tcp_socket create_stream_socket_perms;
-
- # log files
- allow fail2ban_t fail2ban_log_t:dir setattr;
-@@ -33,8 +37,9 @@
- logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
-
- # pid file
-+manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
- manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
--files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file)
-+files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, { file sock_file })
-
- kernel_read_system_state(fail2ban_t)
-
-@@ -46,15 +51,32 @@
- domain_use_interactive_fds(fail2ban_t)
-
- files_read_etc_files(fail2ban_t)
-+files_read_etc_runtime_files(fail2ban_t)
- files_read_usr_files(fail2ban_t)
-+files_list_var(fail2ban_t)
-+files_search_var_lib(fail2ban_t)
-+
-+fs_list_inotifyfs(fail2ban_t)
-+fs_getattr_all_fs(fail2ban_t)
-+
-+corenet_all_recvfrom_unlabeled(fail2ban_t)
-+corenet_all_recvfrom_netlabel(fail2ban_t)
-+corenet_tcp_sendrecv_generic_if(fail2ban_t)
-+corenet_tcp_sendrecv_all_nodes(fail2ban_t)
-+corenet_tcp_sendrecv_all_ports(fail2ban_t)
-+corenet_tcp_connect_whois_port(fail2ban_t)
-+
-+auth_use_nsswitch(fail2ban_t)
-
- libs_use_ld_so(fail2ban_t)
- libs_use_shared_libs(fail2ban_t)
-
--logging_read_generic_logs(fail2ban_t)
-+logging_read_all_logs(fail2ban_t)
-
- miscfiles_read_localization(fail2ban_t)
-
-+mta_send_mail(fail2ban_t)
-+
- optional_policy(`
- apache_read_log(fail2ban_t)
- ')
-@@ -64,5 +86,9 @@
- ')
-
- optional_policy(`
-+ gamin_exec(fail2ban_t)
-+')
-+
-+optional_policy(`
- iptables_domtrans(fail2ban_t)
- ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.5.6/policy/modules/services/fetchmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.5.7/policy/modules/services/fetchmail.if
--- nsaserefpolicy/policy/modules/services/fetchmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/fetchmail.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/fetchmail.if 2008-09-08 10:19:45.000000000 -0400
@@ -21,10 +21,10 @@
ps_process_pattern($1, fetchmail_t)
@@ -16146,9 +16097,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, fetchmail_var_run_t, fetchmail_var_run_t)
+ admin_pattern($1, fetchmail_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.5.6/policy/modules/services/fetchmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.5.7/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/fetchmail.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/fetchmail.te 2008-09-08 10:19:45.000000000 -0400
@@ -91,6 +91,10 @@
')
@@ -16160,9 +16111,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(fetchmail_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.5.6/policy/modules/services/ftp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.5.7/policy/modules/services/ftp.fc
--- nsaserefpolicy/policy/modules/services/ftp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ftp.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ftp.fc 2008-09-08 10:19:45.000000000 -0400
@@ -27,3 +27,6 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
@@ -16170,9 +16121,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/vsftpd -- gen_context(system_u:object_r:ftp_script_exec_t,s0)
+/etc/rc\.d/init\.d/proftpd -- gen_context(system_u:object_r:ftp_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.5.6/policy/modules/services/ftp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.5.7/policy/modules/services/ftp.if
--- nsaserefpolicy/policy/modules/services/ftp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ftp.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ftp.if 2008-09-08 10:19:45.000000000 -0400
@@ -28,11 +28,13 @@
type ftpd_t;
')
@@ -16287,9 +16238,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, ftp_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.6/policy/modules/services/ftp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.7/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ftp.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ftp.te 2008-09-08 10:19:45.000000000 -0400
@@ -75,6 +75,9 @@
type xferlog_t;
logging_log_file(xferlog_t)
@@ -16368,15 +16319,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(ftpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.5.6/policy/modules/services/gamin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.5.7/policy/modules/services/gamin.fc
--- nsaserefpolicy/policy/modules/services/gamin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gamin.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gamin.fc 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/libexec/gam_server -- gen_context(system_u:object_r:gamin_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.5.6/policy/modules/services/gamin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.5.7/policy/modules/services/gamin.if
--- nsaserefpolicy/policy/modules/services/gamin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gamin.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gamin.if 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,57 @@
+
+## <summary>policy for gamin</summary>
@@ -16435,9 +16386,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 gamin_t:unix_stream_socket connectto;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.5.6/policy/modules/services/gamin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.5.7/policy/modules/services/gamin.te
--- nsaserefpolicy/policy/modules/services/gamin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gamin.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gamin.te 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,39 @@
+policy_module(gamin, 1.0.0)
+
@@ -16478,16 +16429,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+miscfiles_read_localization(gamin_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.5.6/policy/modules/services/gnomeclock.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.5.7/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gnomeclock.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gnomeclock.fc 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.5.6/policy/modules/services/gnomeclock.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.5.7/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gnomeclock.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gnomeclock.if 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,75 @@
+
+## <summary>policy for gnomeclock</summary>
@@ -16564,9 +16515,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 gnomeclock_t:dbus send_msg;
+ allow gnomeclock_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.5.6/policy/modules/services/gnomeclock.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.5.7/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/gnomeclock.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/gnomeclock.te 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,55 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -16623,9 +16574,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_lib(gnomeclock_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.5.6/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.5.7/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/hal.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/hal.fc 2008-09-08 10:19:45.000000000 -0400
@@ -9,6 +9,7 @@
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
@@ -16634,9 +16585,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.5.6/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.5.7/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/hal.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/hal.if 2008-09-08 10:19:45.000000000 -0400
@@ -302,3 +302,42 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
@@ -16680,9 +16631,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_lnk_files_pattern($1, hald_t, hald_t)
+ dontaudit $1 hald_t:process ptrace;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.6/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.7/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/hal.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/hal.te 2008-09-08 10:19:45.000000000 -0400
@@ -49,6 +49,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -16794,9 +16745,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Should be removed when this is fixed
-#cron_read_system_job_lib_files(hald_t)
+cron_read_system_job_lib_files(hald_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.5.6/policy/modules/services/inetd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.5.7/policy/modules/services/inetd.fc
--- nsaserefpolicy/policy/modules/services/inetd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/inetd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/inetd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,6 +1,8 @@
/usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
@@ -16806,18 +16757,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/inetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
/usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.fc serefpolicy-3.5.6/policy/modules/services/inn.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.fc serefpolicy-3.5.7/policy/modules/services/inn.fc
--- nsaserefpolicy/policy/modules/services/inn.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/inn.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/inn.fc 2008-09-08 10:19:45.000000000 -0400
@@ -64,3 +64,5 @@
/var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
/var/spool/news(/.*)? gen_context(system_u:object_r:news_spool_t,s0)
+
+/etc/rc\.d/init\.d/innd -- gen_context(system_u:object_r:innd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.5.6/policy/modules/services/inn.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.5.7/policy/modules/services/inn.if
--- nsaserefpolicy/policy/modules/services/inn.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/inn.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/inn.if 2008-09-08 10:19:45.000000000 -0400
@@ -54,8 +54,7 @@
')
@@ -16909,9 +16860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, innd_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.5.6/policy/modules/services/inn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.5.7/policy/modules/services/inn.te
--- nsaserefpolicy/policy/modules/services/inn.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/inn.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/inn.te 2008-09-08 10:19:45.000000000 -0400
@@ -22,7 +22,10 @@
files_pid_file(innd_var_run_t)
@@ -16924,17 +16875,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.5.6/policy/modules/services/jabber.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.5.7/policy/modules/services/jabber.fc
--- nsaserefpolicy/policy/modules/services/jabber.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/jabber.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/jabber.fc 2008-09-08 10:19:45.000000000 -0400
@@ -2,3 +2,4 @@
/var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0)
/var/log/jabber(/.*)? gen_context(system_u:object_r:jabberd_log_t,s0)
+/etc/rc\.d/init\.d/jabber -- gen_context(system_u:object_r:jabber_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.5.6/policy/modules/services/jabber.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.5.7/policy/modules/services/jabber.if
--- nsaserefpolicy/policy/modules/services/jabber.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/jabber.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/jabber.if 2008-09-08 10:19:45.000000000 -0400
@@ -13,3 +13,73 @@
interface(`jabber_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -17009,9 +16960,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, jabber_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.5.6/policy/modules/services/jabber.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.5.7/policy/modules/services/jabber.te
--- nsaserefpolicy/policy/modules/services/jabber.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/jabber.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/jabber.te 2008-09-08 10:19:45.000000000 -0400
@@ -19,6 +19,9 @@
type jabberd_var_run_t;
files_pid_file(jabberd_var_run_t)
@@ -17022,10 +16973,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.5.6/policy/modules/services/kerberos.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.5.7/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerberos.fc 2008-09-03 15:55:22.000000000 -0400
-@@ -13,6 +13,14 @@
++++ serefpolicy-3.5.7/policy/modules/services/kerberos.fc 2008-09-08 11:37:57.000000000 -0400
+@@ -7,12 +7,21 @@
+
+ /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+ /usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
++/usr/kerberos/sbin/kadmin\.local -- gen_context(system_u:object_r:kadmind_exec_t,s0)
+
+ /usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
/var/kerberos/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -17040,9 +16998,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_script_exec_t,s0)
+/etc/rc\.d/init\.d/kpropd -- gen_context(system_u:object_r:kerberos_script_exec_t,s0)
+/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.5.6/policy/modules/services/kerberos.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.5.7/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerberos.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/kerberos.if 2008-09-08 11:37:38.000000000 -0400
@@ -23,6 +23,25 @@
########################################
@@ -17129,7 +17087,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
## </summary>
## <param name="domain">
-@@ -168,6 +216,175 @@
+@@ -168,6 +216,193 @@
')
files_search_etc($1)
@@ -17303,12 +17261,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, krb5kdc_tmp_t)
+
+ admin_pattern($1, krb5kdc_var_run_t)
-
++
+ admin_pattern($1, krb5_host_rcache_t)
++')
++
++########################################
++## <summary>
++## Execute a kadmind_exec_t in the current domain
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`kerberos_exec_kadmind',`
++ gen_require(`
++ type kpropd_exec_t;
++ ')
+
++ can_exec($1,kadmind_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.6/policy/modules/services/kerberos.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.7/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerberos.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/kerberos.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,7 @@
type kadmind_t;
type kadmind_exec_t;
@@ -17504,16 +17480,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+sysnet_dns_name_resolve(kpropd_t)
+
+kerberos_use(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.5.6/policy/modules/services/kerneloops.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.5.7/policy/modules/services/kerneloops.fc
--- nsaserefpolicy/policy/modules/services/kerneloops.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerneloops.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/kerneloops.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1 +1,3 @@
/usr/sbin/kerneloops -- gen_context(system_u:object_r:kerneloops_exec_t,s0)
+
+/etc/rc\.d/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.5.6/policy/modules/services/kerneloops.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.5.7/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerneloops.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/kerneloops.if 2008-09-08 10:19:45.000000000 -0400
@@ -21,6 +21,24 @@
########################################
@@ -17571,10 +17547,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $2 system_r;
+
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.5.6/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.5.7/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/kerneloops.te 2008-09-03 15:55:22.000000000 -0400
-@@ -10,6 +10,9 @@
++++ serefpolicy-3.5.7/policy/modules/services/kerneloops.te 2008-09-08 10:19:45.000000000 -0400
+@@ -10,13 +10,16 @@
type kerneloops_exec_t;
init_daemon_domain(kerneloops_t, kerneloops_exec_t)
@@ -17584,6 +17560,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# kerneloops local policy
+ #
+
+ allow kerneloops_t self:capability sys_nice;
+-allow kerneloops_t self:process { setsched getsched };
++allow kerneloops_t self:process { setsched getsched signal };
+ allow kerneloops_t self:fifo_file rw_file_perms;
+
+ kernel_read_ring_buffer(kerneloops_t)
@@ -24,6 +27,8 @@
# Init script handling
domain_use_interactive_fds(kerneloops_t)
@@ -17593,18 +17577,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(kerneloops_t)
corenet_all_recvfrom_netlabel(kerneloops_t)
corenet_tcp_sendrecv_all_if(kerneloops_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.5.6/policy/modules/services/ldap.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.5.7/policy/modules/services/ldap.fc
--- nsaserefpolicy/policy/modules/services/ldap.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ldap.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ldap.fc 2008-09-08 10:19:45.000000000 -0400
@@ -14,3 +14,5 @@
/var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/ldap -- gen_context(system_u:object_r:ldap_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.5.6/policy/modules/services/ldap.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.5.7/policy/modules/services/ldap.if
--- nsaserefpolicy/policy/modules/services/ldap.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ldap.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ldap.if 2008-09-08 10:19:45.000000000 -0400
@@ -73,3 +73,80 @@
allow $1 slapd_var_run_t:sock_file write;
allow $1 slapd_t:unix_stream_socket connectto;
@@ -17686,9 +17670,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.5.6/policy/modules/services/ldap.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.5.7/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ldap.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ldap.te 2008-09-08 10:19:45.000000000 -0400
@@ -31,6 +31,9 @@
type slapd_var_run_t;
files_pid_file(slapd_var_run_t)
@@ -17708,9 +17692,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.5.6/policy/modules/services/lpd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.5.7/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/lpd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/lpd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -22,11 +22,14 @@
/usr/sbin/lpinfo -- gen_context(system_u:object_r:lpr_exec_t,s0)
/usr/sbin/lpmove -- gen_context(system_u:object_r:lpr_exec_t,s0)
@@ -17726,17 +17710,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/cups-pdf(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
/var/spool/lpd(/.*)? gen_context(system_u:object_r:print_spool_t,s0)
/var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.5.6/policy/modules/services/mailman.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.5.7/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mailman.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailman.fc 2008-09-08 10:35:20.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.6/policy/modules/services/mailman.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.5.7/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mailman.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailman.if 2008-09-08 10:19:45.000000000 -0400
@@ -211,6 +211,7 @@
type mailman_data_t;
')
@@ -17771,9 +17755,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Append to mailman logs.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.5.6/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.5.7/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mailman.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailman.te 2008-09-08 10:19:45.000000000 -0400
@@ -53,10 +53,9 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -17821,15 +17805,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.5.6/policy/modules/services/mailscanner.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.5.7/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/mailscanner.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailscanner.fc 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,2 @@
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.5.6/policy/modules/services/mailscanner.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.5.7/policy/modules/services/mailscanner.if
--- nsaserefpolicy/policy/modules/services/mailscanner.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/mailscanner.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailscanner.if 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,59 @@
+## <summary>Anti-Virus and Anti-Spam Filter</summary>
+
@@ -17890,27 +17874,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_spool($1)
+ manage_files_pattern($1, mailscanner_spool_t, mailscanner_spool_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.5.6/policy/modules/services/mailscanner.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.5.7/policy/modules/services/mailscanner.te
--- nsaserefpolicy/policy/modules/services/mailscanner.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/mailscanner.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mailscanner.te 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,5 @@
+
+policy_module(mailscanner, 1.0.0)
+
+type mailscanner_spool_t;
+files_type(mailscanner_spool_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.fc serefpolicy-3.5.6/policy/modules/services/memcached.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.fc serefpolicy-3.5.7/policy/modules/services/memcached.fc
--- nsaserefpolicy/policy/modules/services/memcached.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/memcached.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/memcached.fc 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,5 @@
+
+/usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0)
+
+/etc/rc\.d/init\.d/memcached -- gen_context(system_u:object_r:memcached_script_exec_t,s0)
+/var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.5.6/policy/modules/services/memcached.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.5.7/policy/modules/services/memcached.if
--- nsaserefpolicy/policy/modules/services/memcached.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/memcached.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/memcached.if 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,125 @@
+
+## <summary>high-performance memory object caching system</summary>
@@ -18037,9 +18021,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ memcached_manage_var_run($1)
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.5.6/policy/modules/services/memcached.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.te serefpolicy-3.5.7/policy/modules/services/memcached.te
--- nsaserefpolicy/policy/modules/services/memcached.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/memcached.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/memcached.te 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,52 @@
+policy_module(memcached,1.0.0)
+
@@ -18093,9 +18077,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+sysnet_dns_name_resolve(memcached_t)
+
+permissive memcached_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.5.6/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.5.7/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mta.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mta.fc 2008-09-08 10:19:45.000000000 -0400
@@ -11,6 +11,7 @@
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -18112,9 +18096,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#ifdef(`postfix.te', `', `
-#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
-#')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.5.6/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.5.7/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mta.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mta.if 2008-09-08 10:19:45.000000000 -0400
@@ -133,6 +133,15 @@
sendmail_create_log($1_mail_t)
')
@@ -18300,9 +18284,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Create, read, write, and delete
## mail queue files.
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.5.6/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.5.7/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mta.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mta.te 2008-09-08 10:19:45.000000000 -0400
@@ -6,6 +6,8 @@
# Declarations
#
@@ -18462,9 +18446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.5.6/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.5.7/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/munin.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/munin.fc 2008-09-08 10:19:45.000000000 -0400
@@ -6,6 +6,9 @@
/usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
@@ -18477,9 +18461,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
+
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.5.6/policy/modules/services/munin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.5.7/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/munin.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/munin.if 2008-09-08 10:19:45.000000000 -0400
@@ -80,3 +80,105 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -18586,9 +18570,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, httpd_munin_content_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.5.6/policy/modules/services/munin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.5.7/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/munin.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/munin.te 2008-09-08 10:19:45.000000000 -0400
@@ -25,26 +25,33 @@
type munin_var_run_t alias lrrd_var_run_t;
files_pid_file(munin_var_run_t)
@@ -18714,18 +18698,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.5.6/policy/modules/services/mysql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.5.7/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mysql.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mysql.fc 2008-09-08 10:19:45.000000000 -0400
@@ -22,3 +22,5 @@
/var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0)
/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0)
+
+/etc/rc\.d/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.5.6/policy/modules/services/mysql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.5.7/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mysql.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mysql.if 2008-09-08 10:19:45.000000000 -0400
@@ -53,9 +53,11 @@
interface(`mysql_stream_connect',`
gen_require(`
@@ -18810,9 +18794,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, mysqld_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.5.6/policy/modules/services/mysql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.5.7/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/mysql.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/mysql.te 2008-09-08 10:19:45.000000000 -0400
@@ -25,6 +25,9 @@
type mysqld_tmp_t;
files_tmp_file(mysqld_tmp_t)
@@ -18841,9 +18825,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_use_interactive_fds(mysqld_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.5.6/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.5.7/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nagios.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nagios.fc 2008-09-08 10:19:45.000000000 -0400
@@ -4,13 +4,17 @@
/usr/bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0)
/usr/bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0)
@@ -18866,9 +18850,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_script_exec_t,s0)
+/etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.5.6/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.5.7/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nagios.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nagios.if 2008-09-08 10:19:45.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -18974,9 +18958,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, nrpe_etc_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.5.6/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.5.7/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nagios.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nagios.te 2008-09-08 10:19:45.000000000 -0400
@@ -10,10 +10,6 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -19079,9 +19063,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.5.6/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.5.7/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/networkmanager.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/networkmanager.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,7 +1,13 @@
/usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
/usr/s?bin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
@@ -19096,9 +19080,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/log/wpa_supplicant\.log.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0)
+/etc/NetworkManager/dispatcher.d(/.*) gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.6/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.7/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/networkmanager.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/networkmanager.if 2008-09-08 10:19:45.000000000 -0400
@@ -97,3 +97,58 @@
allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg;
@@ -19158,9 +19142,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_pids($1)
+ allow $1 NetworkManager_var_run_t:file read_file_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.6/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.7/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/networkmanager.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/networkmanager.te 2008-09-08 10:19:45.000000000 -0400
@@ -10,9 +10,16 @@
type NetworkManager_exec_t;
init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
@@ -19305,9 +19289,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.5.6/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.5.7/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nis.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nis.fc 2008-09-08 10:19:45.000000000 -0400
@@ -4,9 +4,14 @@
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
@@ -19323,9 +19307,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/yppasswd -- gen_context(system_u:object_r:nis_script_exec_t,s0)
+/etc/rc\.d/init\.d/ypserv -- gen_context(system_u:object_r:nis_script_exec_t,s0)
+/etc/rc\.d/init\.d/ypxfrd -- gen_context(system_u:object_r:nis_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.6/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.7/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nis.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nis.if 2008-09-08 10:19:45.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -19462,9 +19446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.5.6/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.5.7/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nis.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nis.te 2008-09-08 10:19:45.000000000 -0400
@@ -44,6 +44,9 @@
type ypxfr_exec_t;
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
@@ -19533,18 +19517,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
corenet_tcp_connect_all_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.5.6/policy/modules/services/nscd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.5.7/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nscd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nscd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -9,3 +9,5 @@
/var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0)
/var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.5.6/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.5.7/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nscd.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nscd.if 2008-09-08 10:19:45.000000000 -0400
@@ -70,15 +70,14 @@
interface(`nscd_socket_use',`
gen_require(`
@@ -19630,9 +19614,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, nscd_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.5.6/policy/modules/services/nscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.5.7/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/nscd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/nscd.te 2008-09-08 10:19:45.000000000 -0400
@@ -23,19 +23,22 @@
type nscd_log_t;
logging_log_file(nscd_log_t)
@@ -19728,9 +19712,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ samba_read_config(nscd_t)
+ samba_read_var_files(nscd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.fc serefpolicy-3.5.6/policy/modules/services/ntp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.fc serefpolicy-3.5.7/policy/modules/services/ntp.fc
--- nsaserefpolicy/policy/modules/services/ntp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ntp.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ntp.fc 2008-09-08 10:19:45.000000000 -0400
@@ -17,3 +17,8 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
@@ -19740,9 +19724,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0)
+
+/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.5.6/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.5.7/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ntp.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ntp.if 2008-09-08 10:19:45.000000000 -0400
@@ -53,3 +53,72 @@
corecmd_search_bin($1)
domtrans_pattern($1, ntpdate_exec_t, ntpd_t)
@@ -19816,9 +19800,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, ntp_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.5.6/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.5.7/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ntp.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ntp.te 2008-09-08 10:19:45.000000000 -0400
@@ -25,6 +25,12 @@
type ntpdate_exec_t;
init_system_domain(ntpd_t, ntpdate_exec_t)
@@ -19889,18 +19873,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logrotate_exec(ntpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.5.6/policy/modules/services/oddjob.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.5.7/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/oddjob.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/oddjob.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.5.6/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.5.7/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/oddjob.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/oddjob.if 2008-09-08 10:19:45.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -19944,9 +19928,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types oddjob_mkhomedir_t;
+ dontaudit oddjob_mkhomedir_t $3:chr_file rw_term_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.5.6/policy/modules/services/oddjob.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.5.7/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/oddjob.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/oddjob.te 2008-09-08 10:19:45.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -20006,9 +19990,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
unprivuser_home_filetrans_home_dir(oddjob_mkhomedir_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.5.6/policy/modules/services/openvpn.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.5.7/policy/modules/services/openvpn.fc
--- nsaserefpolicy/policy/modules/services/openvpn.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/openvpn.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/openvpn.fc 2008-09-08 10:19:45.000000000 -0400
@@ -11,5 +11,7 @@
#
# /var
@@ -20018,9 +20002,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
+
+/etc/rc\.d/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.5.6/policy/modules/services/openvpn.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.5.7/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/openvpn.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/openvpn.if 2008-09-08 10:19:45.000000000 -0400
@@ -90,3 +90,74 @@
read_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
read_lnk_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
@@ -20096,9 +20080,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.5.6/policy/modules/services/openvpn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.5.7/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/openvpn.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/openvpn.te 2008-09-08 10:19:45.000000000 -0400
@@ -8,7 +8,7 @@
## <desc>
@@ -20163,9 +20147,109 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ unconfined_use_terminals(openvpn_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.5.6/policy/modules/services/pcscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.5.7/policy/modules/services/pads.fc
+--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.7/policy/modules/services/pads.fc 2008-09-08 16:03:15.000000000 -0400
+@@ -0,0 +1,12 @@
++
++/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
++/etc/pads-signature-list -- gen_context(system_u:object_r:pads_config_t, s0)
++/etc/pads.conf -- gen_context(system_u:object_r:pads_config_t, s0)
++/etc/pads-assets.csv -- gen_context(system_u:object_r:pads_config_t, s0)
++
++/etc/rc\.d/init\.d/pads -- gen_context(system_u:object_r:pads_script_exec_t, s0)
++
++/usr/bin/pads -- gen_context(system_u:object_r:pads_exec_t, s0)
++
++/var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.5.7/policy/modules/services/pads.if
+--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.7/policy/modules/services/pads.if 2008-09-08 16:03:15.000000000 -0400
+@@ -0,0 +1,10 @@
++## <summary>SELinux policy for PADS daemon.</summary>
++## <desc>
++## <p>
++## PADS is a libpcap based detection engine used to
++## passively detect network assets. It is designed to
++## complement IDS technology by providing context to IDS
++## alerts.
++## </p>
++## </desc>
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.5.7/policy/modules/services/pads.te
+--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.7/policy/modules/services/pads.te 2008-09-08 16:03:15.000000000 -0400
+@@ -0,0 +1,66 @@
++
++policy_module(pads, 0.0.1)
++
++########################################
++#
++# Declarations
++#
++
++type pads_t;
++type pads_exec_t;
++init_daemon_domain(pads_t, pads_exec_t)
++role system_r types pads_t;
++
++type pads_script_exec_t;
++init_script_type(pads_script_exec_t)
++
++type pads_config_t;
++files_config_file(pads_config_t)
++
++type pads_var_run_t;
++files_pid_file(pads_var_run_t)
++
++########################################
++#
++# Declarations
++#
++
++allow pads_t self:capability net_raw;
++allow pads_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
++allow pads_t self:packet_socket { ioctl setopt getopt read bind create };
++allow pads_t self:udp_socket { create ioctl };
++allow pads_t self:unix_dgram_socket { write create connect };
++
++allow pads_t pads_config_t:file manage_file_perms;
++files_etc_filetrans(pads_t, pads_config_t, file)
++
++allow pads_t pads_var_run_t:file manage_file_perms;
++files_pid_filetrans(pads_t, pads_var_run_t, file)
++
++corecmd_search_sbin(pads_t)
++
++corenet_all_recvfrom_unlabeled(pads_t)
++corenet_all_recvfrom_netlabel(pads_t)
++corenet_tcp_sendrecv_all_if(pads_t)
++corenet_tcp_sendrecv_all_nodes(pads_t)
++
++corenet_tcp_connect_prelude_port(pads_t)
++
++dev_read_rand(pads_t)
++dev_read_urand(pads_t)
++
++files_read_etc_files(pads_t)
++files_search_spool(pads_t)
++
++libs_use_ld_so(pads_t)
++libs_use_shared_libs(pads_t)
++
++miscfiles_read_localization(pads_t)
++
++logging_send_syslog_msg(pads_t)
++
++sysnet_dns_name_resolve(pads_t)
++
++optional_policy(`
++ prelude_rw_spool(pads_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.5.7/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/pcscd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/pcscd.te 2008-09-08 10:19:45.000000000 -0400
@@ -10,6 +10,7 @@
type pcscd_exec_t;
domain_type(pcscd_t)
@@ -20185,9 +20269,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
openct_stream_connect(pcscd_t)
openct_read_pid_files(pcscd_t)
openct_signull(pcscd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.5.6/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.5.7/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/pegasus.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/pegasus.te 2008-09-08 10:19:45.000000000 -0400
@@ -96,13 +96,12 @@
auth_use_nsswitch(pegasus_t)
@@ -20212,9 +20296,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysnet_domtrans_ifconfig(pegasus_t)
userdom_dontaudit_use_unpriv_user_fds(pegasus_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.5.6/policy/modules/services/polkit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.5.7/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/polkit.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/polkit.fc 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,9 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -20225,9 +20309,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
+/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_run_t,s0)
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.5.6/policy/modules/services/polkit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.5.7/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/polkit.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/polkit.if 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,212 @@
+
+## <summary>policy for polkit_auth</summary>
@@ -20441,9 +20525,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_lib($2)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.5.6/policy/modules/services/polkit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.5.7/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.6/policy/modules/services/polkit.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/polkit.te 2008-09-08 10:19:45.000000000 -0400
@@ -0,0 +1,231 @@
+policy_module(polkit_auth, 1.0.0)
+
@@ -20676,9 +20760,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_ptrace(polkit_resolve_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.5.6/policy/modules/services/postfix.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.5.7/policy/modules/services/portmap.te
+--- nsaserefpolicy/policy/modules/services/portmap.te 2008-08-07 11:15:11.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/portmap.te 2008-09-08 10:19:45.000000000 -0400
+@@ -41,6 +41,7 @@
+ manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
+ files_pid_filetrans(portmap_t, portmap_var_run_t, file)
+
++kernel_read_system_state(portmap_t)
+ kernel_read_kernel_sysctls(portmap_t)
+ kernel_list_proc(portmap_t)
+ kernel_read_proc_symlinks(portmap_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.5.7/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfix.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfix.fc 2008-09-08 10:19:45.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -20703,9 +20798,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.5.6/policy/modules/services/postfix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.5.7/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfix.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfix.if 2008-09-08 10:19:45.000000000 -0400
@@ -211,9 +211,8 @@
type postfix_etc_t;
')
@@ -20803,9 +20898,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.6/policy/modules/services/postfix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.7/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfix.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfix.te 2008-09-08 10:19:45.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -21069,18 +21164,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_shell(postfix_virtual_t)
corecmd_exec_bin(postfix_virtual_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.fc serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.fc serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.fc
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -3,3 +3,5 @@
/usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
/var/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0)
+
+/etc/rc\.d/init\.d/postfixpolicyd -- gen_context(system_u:object_r:postfixpolicyd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.if
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.if 2008-09-08 10:19:45.000000000 -0400
@@ -1 +1,68 @@
## <summary>Postfix policy server</summary>
+
@@ -21150,9 +21245,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.te
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postfixpolicyd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postfixpolicyd.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,9 @@
type postfix_policyd_var_run_t;
files_pid_file(postfix_policyd_var_run_t)
@@ -21163,9 +21258,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local Policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.5.6/policy/modules/services/postgresql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.5.7/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgresql.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgresql.fc 2008-09-08 10:19:45.000000000 -0400
@@ -28,13 +28,13 @@
/var/lib/postgres(ql)?(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
@@ -21187,9 +21282,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
+
+/etc/rc\.d/init\.d/postgresql -- gen_context(system_u:object_r:postgresql_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.5.6/policy/modules/services/postgresql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.5.7/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgresql.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgresql.if 2008-09-08 10:19:45.000000000 -0400
@@ -372,3 +372,70 @@
typeattribute $1 sepgsql_unconfined_type;
@@ -21261,9 +21356,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, postgresql_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.5.6/policy/modules/services/postgresql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.5.7/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgresql.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgresql.te 2008-09-08 16:03:15.000000000 -0400
@@ -44,6 +44,9 @@
type postgresql_var_run_t;
files_pid_file(postgresql_var_run_t)
@@ -21274,6 +21369,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# database clients attribute
attribute sepgsql_client_type;
attribute sepgsql_unconfined_type;
+@@ -159,7 +162,7 @@
+
+ manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
+ manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
+-files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
++files_pid_filetrans(postgresql_t, postgresql_var_run_t, { file sock_file })
+
+ kernel_read_kernel_sysctls(postgresql_t)
+ kernel_read_system_state(postgresql_t)
@@ -289,7 +292,7 @@
allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
@@ -21292,9 +21396,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.5.6/policy/modules/services/postgrey.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.5.7/policy/modules/services/postgrey.fc
--- nsaserefpolicy/policy/modules/services/postgrey.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgrey.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgrey.fc 2008-09-08 10:19:45.000000000 -0400
@@ -7,3 +7,7 @@
/var/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0)
@@ -21303,9 +21407,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/postgrey -- gen_context(system_u:object_r:postgrey_script_exec_t,s0)
+
+/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.6/policy/modules/services/postgrey.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.5.7/policy/modules/services/postgrey.if
--- nsaserefpolicy/policy/modules/services/postgrey.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgrey.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgrey.if 2008-09-08 10:19:45.000000000 -0400
@@ -12,10 +12,80 @@
#
interface(`postgrey_stream_connect',`
@@ -21388,9 +21492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.5.6/policy/modules/services/postgrey.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.5.7/policy/modules/services/postgrey.te
--- nsaserefpolicy/policy/modules/services/postgrey.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/postgrey.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/postgrey.te 2008-09-08 10:19:45.000000000 -0400
@@ -13,26 +13,38 @@
type postgrey_etc_t;
files_config_file(postgrey_etc_t)
@@ -21443,18 +21547,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(postgrey_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.5.6/policy/modules/services/ppp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.5.7/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ppp.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ppp.fc 2008-09-08 10:19:45.000000000 -0400
@@ -33,3 +33,5 @@
/var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0)
/var/log/ppp/.* -- gen_context(system_u:object_r:pppd_log_t,s0)
+
+/etc/rc\.d/init\.d/ppp -- gen_context(system_u:object_r:pppd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.5.6/policy/modules/services/ppp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.5.7/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ppp.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ppp.if 2008-09-08 10:19:45.000000000 -0400
@@ -76,6 +76,24 @@
########################################
@@ -21526,9 +21630,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, pptp_var_run_t, pptp_var_run_t)
+ admin_pattern($1, pptp_var_run_t, pptp_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.5.6/policy/modules/services/ppp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.5.7/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ppp.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ppp.te 2008-09-08 10:19:45.000000000 -0400
@@ -71,7 +71,7 @@
# PPPD Local policy
#
@@ -21575,10 +21679,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
hostname_exec(pptp_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.5.6/policy/modules/services/prelude.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.5.7/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/prelude.fc 2008-09-03 15:55:22.000000000 -0400
-@@ -5,7 +5,16 @@
++++ serefpolicy-3.5.7/policy/modules/services/prelude.fc 2008-09-08 16:03:15.000000000 -0400
+@@ -5,7 +5,20 @@
/var/lib/prelude-lml(/.*)? gen_context(system_u:object_r:prelude_var_lib_t,s0)
@@ -21592,12 +21696,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/bin/prelude-lml -- gen_context(system_u:object_r:prelude_lml_exec_t,s0)
+/var/run/prelude-lml.pid -- gen_context(system_u:object_r:prelude_lml_var_run_t,s0)
+
++/etc/rc\.d/init\.d/prelude-correlator -- gen_context(system_u:object_r:prelude_correlator_script_exec_t, s0)
+/etc/rc\.d/init\.d/prelude-lml -- gen_context(system_u:object_r:prelude_lml_script_exec_t,s0)
+/etc/rc\.d/init\.d/prelude-manager -- gen_context(system_u:object_r:prelude_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.5.6/policy/modules/services/prelude.if
++/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
++/usr/bin/prelude-correlator -- gen_context(system_u:object_r:prelude_correlator_exec_t, s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.5.7/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/prelude.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/prelude.if 2008-09-08 10:19:45.000000000 -0400
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -21757,10 +21865,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, prelude_lml_tmp_t)
+ admin_pattern($1, prelude_lml_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.6/policy/modules/services/prelude.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.7/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/prelude.te 2008-09-03 15:55:22.000000000 -0400
-@@ -13,18 +13,40 @@
++++ serefpolicy-3.5.7/policy/modules/services/prelude.te 2008-09-08 16:37:38.000000000 -0400
+@@ -13,18 +13,56 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -21798,10 +21906,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+type prelude_lml_tmp_t;
+files_tmp_file(prelude_lml_tmp_t)
++
++########################################
++#
++# prelude_correlator declarations
++#
++
++type prelude_correlator_t;
++type prelude_correlator_exec_t;
++init_daemon_domain(prelude_correlator_t, prelude_correlator_exec_t)
++role system_r types prelude_correlator_t;
++
++type prelude_correlator_script_exec_t;
++init_script_file(prelude_correlator_script_exec_t)
++
++type prelude_correlator_config_t;
++files_config_file(prelude_correlator_config_t)
########################################
#
-@@ -49,6 +71,9 @@
+@@ -49,6 +87,9 @@
manage_sock_files_pattern(prelude_t, prelude_var_run_t, prelude_var_run_t)
files_pid_filetrans(prelude_t, prelude_var_run_t, file)
@@ -21811,7 +21935,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_search_bin(prelude_t)
corenet_all_recvfrom_unlabeled(prelude_t)
-@@ -56,6 +81,9 @@
+@@ -56,6 +97,9 @@
corenet_tcp_sendrecv_all_if(prelude_t)
corenet_tcp_sendrecv_all_nodes(prelude_t)
corenet_tcp_bind_all_nodes(prelude_t)
@@ -21821,17 +21945,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_rand(prelude_t)
dev_read_urand(prelude_t)
-@@ -65,6 +93,9 @@
+@@ -65,6 +109,11 @@
files_read_etc_files(prelude_t)
files_read_usr_files(prelude_t)
+files_search_tmp(prelude_t)
+
++files_search_tmp(prelude_t)
++
+fs_rw_anon_inodefs_files(prelude_t)
auth_use_nsswitch(prelude_t)
-@@ -110,6 +141,7 @@
+@@ -110,6 +159,7 @@
corenet_tcp_sendrecv_all_if(prelude_audisp_t)
corenet_tcp_sendrecv_all_nodes(prelude_audisp_t)
corenet_tcp_bind_all_nodes(prelude_audisp_t)
@@ -21839,7 +21965,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_rand(prelude_audisp_t)
dev_read_urand(prelude_audisp_t)
-@@ -123,9 +155,84 @@
+@@ -123,9 +173,119 @@
libs_use_shared_libs(prelude_audisp_t)
logging_send_syslog_msg(prelude_audisp_t)
@@ -21851,11 +21977,47 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+#
++# prelude_correlator local policy
++#
++
++allow prelude_correlator_t self:netlink_route_socket r_netlink_socket_perms;
++allow prelude_correlator_t self:tcp_socket create_stream_socket_perms;
++allow prelude_correlator_t self:unix_dgram_socket create_socket_perms;
++
++read_files_pattern(prelude_correlator_t, prelude_correlator_config_t, prelude_correlator_config_t)
++
++prelude_manage_spool(prelude_correlator_t)
++
++corecmd_search_sbin(prelude_correlator_t)
++
++corenet_all_recvfrom_unlabeled(prelude_correlator_t)
++corenet_all_recvfrom_netlabel(prelude_correlator_t)
++corenet_tcp_sendrecv_all_if(prelude_correlator_t)
++corenet_tcp_sendrecv_all_nodes(prelude_correlator_t)
++corenet_tcp_connect_prelude_port(prelude_correlator_t)
++
++dev_read_rand(prelude_correlator_t)
++dev_read_urand(prelude_correlator_t)
++
++files_read_etc_files(prelude_correlator_t)
++files_read_usr_files(prelude_correlator_t)
++files_search_spool(prelude_correlator_t)
++
++libs_use_ld_so(prelude_correlator_t)
++libs_use_shared_libs(prelude_correlator_t)
++
++logging_send_syslog_msg(prelude_correlator_t)
++
++miscfiles_read_localization(prelude_correlator_t)
++
++sysnet_dns_name_resolve(prelude_correlator_t)
++
++########################################
++#
+# prelude_lml local declarations
+#
+
+# Init script handling
-+# Test me
+domain_use_interactive_fds(prelude_lml_t)
+
+allow prelude_lml_t self:tcp_socket { write getattr setopt read create connect };
@@ -21913,9 +22075,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+miscfiles_read_localization(prelude_lml_t)
+
-+optional_policy(`
-+ gamin_exec(prelude_lml_t)
-+')
++# if prelude_lml wants to relay to a remote prelude-manager using dns
++sysnet_dns_name_resolve(prelude_lml_t)
+
+optional_policy(`
+ apache_read_log(prelude_lml_t)
@@ -21924,7 +22085,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# prewikka_cgi Declarations
-@@ -133,8 +240,19 @@
+@@ -133,8 +293,19 @@
optional_policy(`
apache_content_template(prewikka)
@@ -21944,9 +22105,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
mysql_search_db(httpd_prewikka_script_t)
mysql_stream_connect(httpd_prewikka_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.5.6/policy/modules/services/privoxy.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.5.7/policy/modules/services/privoxy.fc
--- nsaserefpolicy/policy/modules/services/privoxy.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/privoxy.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/privoxy.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,6 +1,10 @@
/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -21958,9 +22119,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/privoxy -- gen_context(system_u:object_r:privoxy_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.5.6/policy/modules/services/privoxy.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.5.7/policy/modules/services/privoxy.if
--- nsaserefpolicy/policy/modules/services/privoxy.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/privoxy.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/privoxy.if 2008-09-08 10:19:45.000000000 -0400
@@ -2,6 +2,25 @@
########################################
@@ -22015,9 +22176,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, privoxy_var_run_t, privoxy_var_run_t)
+ admin_pattern($1, privoxy_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.5.6/policy/modules/services/privoxy.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.5.7/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/privoxy.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/privoxy.te 2008-09-08 10:19:45.000000000 -0400
@@ -19,6 +19,9 @@
type privoxy_var_run_t;
files_pid_file(privoxy_var_run_t)
@@ -22036,18 +22197,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_tor_port(privoxy_t)
corenet_sendrecv_http_cache_client_packets(privoxy_t)
corenet_sendrecv_http_cache_server_packets(privoxy_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.5.6/policy/modules/services/procmail.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.5.7/policy/modules/services/procmail.fc
--- nsaserefpolicy/policy/modules/services/procmail.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/procmail.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/procmail.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,2 +1,5 @@
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
+
+/var/log/procmail\.log.* -- gen_context(system_u:object_r:procmail_log_t,s0)
+/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.5.6/policy/modules/services/procmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.5.7/policy/modules/services/procmail.if
--- nsaserefpolicy/policy/modules/services/procmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/procmail.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/procmail.if 2008-09-08 10:19:45.000000000 -0400
@@ -39,3 +39,41 @@
corecmd_search_bin($1)
can_exec($1, procmail_exec_t)
@@ -22090,9 +22251,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_tmp($1)
+ rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.5.6/policy/modules/services/procmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.5.7/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/procmail.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/procmail.te 2008-09-08 10:19:45.000000000 -0400
@@ -14,6 +14,10 @@
type procmail_tmp_t;
files_tmp_file(procmail_tmp_t)
@@ -22170,9 +22331,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ mailscanner_read_spool(procmail_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.5.6/policy/modules/services/pyzor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.5.7/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/pyzor.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/pyzor.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,9 +1,12 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
@@ -22187,9 +22348,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/pyzord\.log -- gen_context(system_u:object_r:pyzord_log_t,s0)
+
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.5.6/policy/modules/services/pyzor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.5.7/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/pyzor.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/pyzor.if 2008-09-08 10:19:45.000000000 -0400
@@ -25,16 +25,16 @@
#
template(`pyzor_per_role_template',`
@@ -22293,9 +22454,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.5.6/policy/modules/services/pyzor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.5.7/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/pyzor.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/pyzor.te 2008-09-08 10:19:45.000000000 -0400
@@ -6,6 +6,37 @@
# Declarations
#
@@ -22381,9 +22542,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.5.6/policy/modules/services/qmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.5.7/policy/modules/services/qmail.te
--- nsaserefpolicy/policy/modules/services/qmail.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/qmail.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/qmail.te 2008-09-08 10:19:45.000000000 -0400
@@ -124,6 +124,10 @@
qmail_domtrans_queue(qmail_local_t)
@@ -22406,18 +22567,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ucspitcp_service_domain(qmail_smtpd_t, qmail_smtpd_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.5.6/policy/modules/services/radius.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.5.7/policy/modules/services/radius.fc
--- nsaserefpolicy/policy/modules/services/radius.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radius.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radius.fc 2008-09-08 10:19:45.000000000 -0400
@@ -20,3 +20,5 @@
/var/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0)
/var/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radius_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.5.6/policy/modules/services/radius.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.5.7/policy/modules/services/radius.if
--- nsaserefpolicy/policy/modules/services/radius.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radius.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radius.if 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,25 @@
########################################
@@ -22479,9 +22640,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, radiusd_var_run_t, radiusd_var_run_t)
+ admin_pattern($1, radiusd_var_run_t, radiusd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.5.6/policy/modules/services/radius.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.5.7/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radius.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radius.te 2008-09-08 10:19:45.000000000 -0400
@@ -25,6 +25,9 @@
type radiusd_var_run_t;
files_pid_file(radiusd_var_run_t)
@@ -22554,17 +22715,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.fc serefpolicy-3.5.6/policy/modules/services/radvd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.fc serefpolicy-3.5.7/policy/modules/services/radvd.fc
--- nsaserefpolicy/policy/modules/services/radvd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radvd.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radvd.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,3 +5,4 @@
/var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0)
/var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0)
+/etc/rc\.d/init\.d/radvd -- gen_context(system_u:object_r:radvd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.5.6/policy/modules/services/radvd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.5.7/policy/modules/services/radvd.if
--- nsaserefpolicy/policy/modules/services/radvd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radvd.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radvd.if 2008-09-08 10:19:45.000000000 -0400
@@ -2,6 +2,25 @@
########################################
@@ -22615,9 +22776,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, radvd_var_run_t, radvd_var_run_t)
+ admin_pattern($1, radvd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.5.6/policy/modules/services/radvd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.5.7/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/radvd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/radvd.te 2008-09-08 10:19:45.000000000 -0400
@@ -15,6 +15,9 @@
type radvd_etc_t;
files_config_file(radvd_etc_t)
@@ -22636,18 +22797,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow radvd_t radvd_etc_t:file read_file_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.5.6/policy/modules/services/razor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.5.7/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/razor.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/razor.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0)
+HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.5.6/policy/modules/services/razor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.5.7/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/razor.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/razor.if 2008-09-08 10:19:45.000000000 -0400
@@ -137,6 +137,7 @@
template(`razor_per_role_template',`
gen_require(`
@@ -22767,9 +22928,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.5.6/policy/modules/services/razor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.5.7/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/razor.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/razor.te 2008-09-08 10:19:45.000000000 -0400
@@ -6,21 +6,51 @@
# Declarations
#
@@ -22825,9 +22986,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
razor_common_domain_template(razor)
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.5.6/policy/modules/services/ricci.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.5.7/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ricci.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ricci.te 2008-09-08 10:19:45.000000000 -0400
@@ -205,7 +205,7 @@
corecmd_exec_shell(ricci_modcluster_t)
corecmd_exec_bin(ricci_modcluster_t)
@@ -22864,9 +23025,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#Needed for editing /etc/fstab
files_manage_etc_files(ricci_modstorage_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.5.6/policy/modules/services/rlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.5.7/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rlogin.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rlogin.te 2008-09-08 10:19:45.000000000 -0400
@@ -94,8 +94,8 @@
remotelogin_signal(rlogind_t)
@@ -22878,18 +23039,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.5.6/policy/modules/services/roundup.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.5.7/policy/modules/services/roundup.fc
--- nsaserefpolicy/policy/modules/services/roundup.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/roundup.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/roundup.fc 2008-09-08 10:19:45.000000000 -0400
@@ -7,3 +7,5 @@
# /var
#
/var/lib/roundup(/.*)? -- gen_context(system_u:object_r:roundup_var_lib_t,s0)
+
+/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.5.6/policy/modules/services/roundup.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.5.7/policy/modules/services/roundup.if
--- nsaserefpolicy/policy/modules/services/roundup.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/roundup.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/roundup.if 2008-09-08 10:19:45.000000000 -0400
@@ -1 +1,66 @@
## <summary>Roundup Issue Tracking System policy</summary>
+
@@ -22957,9 +23118,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, roundup_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.5.6/policy/modules/services/roundup.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.5.7/policy/modules/services/roundup.te
--- nsaserefpolicy/policy/modules/services/roundup.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/roundup.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/roundup.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,9 @@
type roundup_var_lib_t;
files_type(roundup_var_lib_t)
@@ -22970,9 +23131,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# Local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.5.6/policy/modules/services/rpc.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.5.7/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rpc.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rpc.if 2008-09-08 10:19:45.000000000 -0400
@@ -88,8 +88,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -23011,9 +23172,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read NFS exported content.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.6/policy/modules/services/rpc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.7/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rpc.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rpc.te 2008-09-08 10:19:45.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -23071,18 +23232,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.5.6/policy/modules/services/rpcbind.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.5.7/policy/modules/services/rpcbind.fc
--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rpcbind.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rpcbind.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,3 +5,5 @@
/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
/var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
/var/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0)
+
+/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.5.6/policy/modules/services/rpcbind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.5.7/policy/modules/services/rpcbind.if
--- nsaserefpolicy/policy/modules/services/rpcbind.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rpcbind.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rpcbind.if 2008-09-08 10:19:45.000000000 -0400
@@ -95,3 +95,65 @@
manage_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
files_search_var_lib($1)
@@ -23149,9 +23310,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, rpcbind_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.5.6/policy/modules/services/rpcbind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.5.7/policy/modules/services/rpcbind.te
--- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rpcbind.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rpcbind.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,16 +16,21 @@
type rpcbind_var_lib_t;
files_type(rpcbind_var_lib_t)
@@ -23183,9 +23344,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_network_state(rpcbind_t)
corenet_all_recvfrom_unlabeled(rpcbind_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.5.6/policy/modules/services/rshd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.5.7/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rshd.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rshd.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,7 +16,7 @@
#
# Local policy
@@ -23247,9 +23408,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_shell_domtrans(rshd_t)
+ unconfined_signal(rshd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.5.6/policy/modules/services/rsync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.5.7/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rsync.te 2008-09-04 10:40:02.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rsync.te 2008-09-08 10:19:45.000000000 -0400
@@ -45,7 +45,7 @@
# Local policy
#
@@ -23259,18 +23420,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow rsync_t self:process signal_perms;
allow rsync_t self:fifo_file rw_fifo_file_perms;
allow rsync_t self:tcp_socket create_stream_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.fc serefpolicy-3.5.6/policy/modules/services/rwho.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.fc serefpolicy-3.5.7/policy/modules/services/rwho.fc
--- nsaserefpolicy/policy/modules/services/rwho.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rwho.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rwho.fc 2008-09-08 10:19:45.000000000 -0400
@@ -3,3 +3,5 @@
/var/spool/rwho(/.*)? gen_context(system_u:object_r:rwho_spool_t,s0)
/var/log/rwhod(/.*)? gen_context(system_u:object_r:rwho_log_t,s0)
+
+/etc/rc\.d/init\.d/rwhod -- gen_context(system_u:object_r:rwho_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.5.6/policy/modules/services/rwho.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.5.7/policy/modules/services/rwho.if
--- nsaserefpolicy/policy/modules/services/rwho.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rwho.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rwho.if 2008-09-08 10:19:45.000000000 -0400
@@ -118,6 +118,25 @@
########################################
@@ -23321,9 +23482,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
+ admin_pattern($1, rwho_spool_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.5.6/policy/modules/services/rwho.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.5.7/policy/modules/services/rwho.te
--- nsaserefpolicy/policy/modules/services/rwho.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/rwho.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/rwho.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,9 @@
type rwho_spool_t;
files_type(rwho_spool_t)
@@ -23334,9 +23495,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# rwho local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.5.6/policy/modules/services/samba.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.5.7/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/samba.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/samba.fc 2008-09-08 10:19:45.000000000 -0400
@@ -15,6 +15,7 @@
/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
/usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0)
@@ -23357,9 +23518,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ifndef(`enable_mls',`
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.5.6/policy/modules/services/samba.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.5.7/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/samba.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/samba.if 2008-09-08 10:19:45.000000000 -0400
@@ -33,12 +33,12 @@
')
@@ -23727,9 +23888,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, samba_unconfined_script_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.6/policy/modules/services/samba.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.7/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/samba.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/samba.te 2008-09-08 10:19:45.000000000 -0400
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -24082,18 +24243,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow winbind_t smbcontrol_t:process signal;
+
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.5.6/policy/modules/services/sasl.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.5.7/policy/modules/services/sasl.fc
--- nsaserefpolicy/policy/modules/services/sasl.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/sasl.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/sasl.fc 2008-09-08 10:19:45.000000000 -0400
@@ -8,3 +8,5 @@
# /var
#
/var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0)
+
+/etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:sasl_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.5.6/policy/modules/services/sasl.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.5.7/policy/modules/services/sasl.if
--- nsaserefpolicy/policy/modules/services/sasl.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/sasl.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/sasl.if 2008-09-08 10:19:45.000000000 -0400
@@ -21,6 +21,25 @@
########################################
@@ -24144,9 +24305,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t)
+ admin_pattern($1, saslauthd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.5.6/policy/modules/services/sasl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.5.7/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/sasl.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/sasl.te 2008-09-08 10:19:45.000000000 -0400
@@ -23,6 +23,9 @@
type saslauthd_var_run_t;
files_pid_file(saslauthd_var_run_t)
@@ -24177,9 +24338,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(saslauthd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.5.6/policy/modules/services/sendmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.5.7/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/sendmail.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/sendmail.if 2008-09-08 10:19:45.000000000 -0400
@@ -149,3 +149,104 @@
logging_log_filetrans($1, sendmail_log_t, file)
@@ -24285,9 +24446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.5.6/policy/modules/services/sendmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.5.7/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/sendmail.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/sendmail.te 2008-09-08 10:19:45.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -24447,18 +24608,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.5.6/policy/modules/services/setroubleshoot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.5.7/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/setroubleshoot.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/setroubleshoot.fc 2008-09-08 10:19:45.000000000 -0400
@@ -5,3 +5,5 @@
/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
+
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.5.6/policy/modules/services/setroubleshoot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.5.7/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/setroubleshoot.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/setroubleshoot.if 2008-09-08 10:19:45.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -24547,9 +24708,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.5.6/policy/modules/services/setroubleshoot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.5.7/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/setroubleshoot.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/setroubleshoot.te 2008-09-08 10:19:45.000000000 -0400
@@ -22,13 +22,16 @@
type setroubleshoot_var_run_t;
files_pid_file(setroubleshoot_var_run_t)
@@ -24632,17 +24793,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.fc serefpolicy-3.5.6/policy/modules/services/smartmon.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.fc serefpolicy-3.5.7/policy/modules/services/smartmon.fc
--- nsaserefpolicy/policy/modules/services/smartmon.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/smartmon.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/smartmon.fc 2008-09-08 10:19:45.000000000 -0400
@@ -8,3 +8,4 @@
#
/var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
+/etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.5.6/policy/modules/services/smartmon.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.5.7/policy/modules/services/smartmon.if
--- nsaserefpolicy/policy/modules/services/smartmon.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/smartmon.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/smartmon.if 2008-09-08 10:19:45.000000000 -0400
@@ -20,6 +20,25 @@
########################################
@@ -24693,9 +24854,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, fsdaemon_var_run_t, fsdaemon_var_run_t)
+ admin_pattern($1, fsdaemon_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.5.6/policy/modules/services/smartmon.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.5.7/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/smartmon.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/smartmon.te 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -24735,9 +24896,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysadm_dontaudit_search_home_dirs(fsdaemon_t)
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.5.6/policy/modules/services/snmp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.5.7/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snmp.fc 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/snmp.fc 2008-09-08 10:19:45.000000000 -0400
@@ -17,3 +17,6 @@
/var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0)
@@ -24745,9 +24906,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/snmpd -- gen_context(system_u:object_r:snmp_script_exec_t,s0)
+/etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmp_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.5.6/policy/modules/services/snmp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.5.7/policy/modules/services/snmp.if
--- nsaserefpolicy/policy/modules/services/snmp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snmp.if 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/snmp.if 2008-09-08 10:19:45.000000000 -0400
@@ -87,6 +87,25 @@
########################################
@@ -24818,9 +24979,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, snmpd_var_run_t, snmpd_var_run_t)
+ admin_pattern($1, snmpd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.5.6/policy/modules/services/snmp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.5.7/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snmp.te 2008-09-03 15:55:22.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/snmp.te 2008-09-08 10:19:45.000000000 -0400
@@ -18,12 +18,16 @@
type snmpd_var_lib_t;
files_type(snmpd_var_lib_t)
@@ -24882,24 +25043,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.fc serefpolicy-3.5.6/policy/modules/services/snort.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.fc serefpolicy-3.5.7/policy/modules/services/snort.fc
--- nsaserefpolicy/policy/modules/services/snort.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snort.fc 2008-09-03 15:55:22.000000000 -0400
-@@ -1,6 +1,10 @@
-+/usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0)
-+/usr/sbin/snort-plain -- gen_context(system_u:object_r:snort_exec_t,s0)
-
++++ serefpolicy-3.5.7/policy/modules/services/snort.fc 2008-09-08 16:11:51.000000000 -0400
+@@ -2,5 +1,10 @@
/etc/snort(/.*)? gen_context(system_u:object_r:snort_etc_t,s0)
--/usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0)
-+/var/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0)
+ /usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0)
++/usr/sbin/snort-plain -- gen_context(system_u:object_r:snort_exec_t,s0)
/var/log/snort(/.*)? gen_context(system_u:object_r:snort_log_t,s0)
+
++/var/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0)
++
+/etc/rc\.d/init\.d/snortd -- gen_context(system_u:object_r:snort_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.5.6/policy/modules/services/snort.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.5.7/policy/modules/services/snort.if
--- nsaserefpolicy/policy/modules/services/snort.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snort.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/snort.if 2008-09-08 10:19:45.000000000 -0400
@@ -1 +1,91 @@
## <summary>Snort network intrusion detection system</summary>
+
@@ -24992,9 +25152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 snort_t:process signal;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.6/policy/modules/services/snort.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.7/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/snort.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/snort.te 2008-09-08 16:03:15.000000000 -0400
@@ -10,8 +10,11 @@
type snort_exec_t;
init_daemon_domain(snort_t, snort_exec_t)
@@ -25008,7 +25168,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type snort_log_t;
logging_log_file(snort_log_t)
-@@ -65,8 +68,11 @@
+@@ -30,6 +33,8 @@
+ allow snort_t self:capability { setgid setuid net_admin net_raw dac_override };
+ dontaudit snort_t self:capability sys_tty_config;
+ allow snort_t self:process signal_perms;
++# Snort IPS node. unverified. netlink_firewall_socket
++allow snort_t self:netlink_firewall_socket { bind create getattr };
+ allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
+ allow snort_t self:tcp_socket create_stream_socket_perms;
+ allow snort_t self:udp_socket create_socket_perms;
+@@ -65,8 +70,11 @@
corenet_raw_sendrecv_all_nodes(snort_t)
corenet_tcp_sendrecv_all_ports(snort_t)
corenet_udp_sendrecv_all_ports(snort_t)
@@ -25020,7 +25189,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_use_interactive_fds(snort_t)
-@@ -79,6 +85,8 @@
+@@ -79,6 +87,8 @@
libs_use_ld_so(snort_t)
libs_use_shared_libs(snort_t)
@@ -25029,20 +25198,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(snort_t)
miscfiles_read_localization(snort_t)
-@@ -90,6 +98,10 @@
+@@ -89,6 +99,13 @@
+
sysadm_dontaudit_search_home_dirs(snort_t)
- optional_policy(`
++# snorts must be able to resolve dns in case it wants to relay to a remote prelude-manager
++sysnet_dns_name_resolve(snort_t)
++
++optional_policy(`
+ prelude_manage_spool(snort_t)
+')
+
-+optional_policy(`
+ optional_policy(`
seutil_sigchld_newrole(snort_t)
')
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.fc serefpolicy-3.5.6/policy/modules/services/soundserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.fc serefpolicy-3.5.7/policy/modules/services/soundserver.fc
--- nsaserefpolicy/policy/modules/services/soundserver.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/soundserver.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/soundserver.fc 2008-09-08 10:19:45.000000000 -0400
@@ -7,4 +7,8 @@
/usr/sbin/yiff -- gen_context(system_u:object_r:soundd_exec_t,s0)
@@ -25052,9 +25224,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/state/yiff(/.*)? gen_context(system_u:object_r:soundd_state_t,s0)
+
+/etc/rc\.d/init\.d/nasd -- gen_context(system_u:object_r:soundd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.5.6/policy/modules/services/soundserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.5.7/policy/modules/services/soundserver.if
--- nsaserefpolicy/policy/modules/services/soundserver.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/soundserver.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/soundserver.if 2008-09-08 10:19:45.000000000 -0400
@@ -13,3 +13,70 @@
interface(`soundserver_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -25126,9 +25298,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, soundd_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-3.5.6/policy/modules/services/soundserver.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-3.5.7/policy/modules/services/soundserver.te
--- nsaserefpolicy/policy/modules/services/soundserver.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/soundserver.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/soundserver.te 2008-09-08 10:19:45.000000000 -0400
@@ -11,7 +11,7 @@
init_daemon_domain(soundd_t, soundd_exec_t)
@@ -25193,10 +25365,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(soundd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.6/policy/modules/services/spamassassin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.7/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/spamassassin.fc 2008-09-03 15:55:23.000000000 -0400
-@@ -1,16 +1,22 @@
++++ serefpolicy-3.5.7/policy/modules/services/spamassassin.fc 2008-09-08 16:32:32.000000000 -0400
+@@ -1,16 +1,27 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -25208,10 +25380,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)
+/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamd_exec_t,s0)
++/usr/bin/mimedefang-multiplexor -- gen_context(system_u:object_r:spamd_exec_t,s0)
/var/lib/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_lib_t,s0)
+/var/log/spamd\.log -- gen_context(system_u:object_r:spamd_log_t,s0)
++/var/log/mimedefang -- gen_context(system_u:object_r:spamd_log_t,s0)
+
/var/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
-/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
@@ -25220,11 +25394,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/spamassassin(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
/var/spool/spamd(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
++/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
++/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
+
+/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.5.6/policy/modules/services/spamassassin.if
++/etc/rc\.d/init\.d/mimedefang.* -- gen_context(system_u:object_r:spamd_script_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.5.7/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/spamassassin.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/spamassassin.if 2008-09-08 10:19:45.000000000 -0400
@@ -34,10 +34,10 @@
# cjp: when tunables are available, spamc stuff should be
# toggled on activation of spamc, and similarly for spamd.
@@ -25787,9 +25964,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_files_pattern($1, spamc_home_t, spamc_home_t)
+ razor_manage_user_home_files(user, $1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.6/policy/modules/services/spamassassin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.7/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/spamassassin.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/spamassassin.te 2008-09-08 16:46:47.000000000 -0400
@@ -21,8 +21,10 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -25847,7 +26024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit spamd_t self:capability sys_tty_config;
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow spamd_t self:fd use;
-@@ -69,7 +89,9 @@
+@@ -69,10 +89,13 @@
allow spamd_t self:unix_stream_socket connectto;
allow spamd_t self:tcp_socket create_stream_socket_perms;
allow spamd_t self:udp_socket create_socket_perms;
@@ -25858,7 +26035,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
manage_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-@@ -81,10 +103,11 @@
++manage_sock_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
+ files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
+
+ manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
+@@ -81,10 +104,11 @@
# var/lib files for spamd
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
@@ -25871,7 +26052,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_pid_filetrans(spamd_t, spamd_var_run_t, { dir file })
kernel_read_all_sysctls(spamd_t)
-@@ -134,6 +157,8 @@
+@@ -134,6 +158,8 @@
init_dontaudit_rw_utmp(spamd_t)
@@ -25880,7 +26061,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_ld_so(spamd_t)
libs_use_shared_libs(spamd_t)
-@@ -141,20 +166,40 @@
+@@ -141,20 +167,40 @@
miscfiles_read_localization(spamd_t)
@@ -25926,7 +26107,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_manage_cifs_files(spamd_t)
')
-@@ -172,6 +217,7 @@
+@@ -172,6 +218,7 @@
optional_policy(`
dcc_domtrans_client(spamd_t)
@@ -25934,7 +26115,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dcc_stream_connect_dccifd(spamd_t)
')
-@@ -181,10 +227,6 @@
+@@ -181,10 +228,6 @@
')
optional_policy(`
@@ -25945,7 +26126,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
postfix_read_config(spamd_t)
')
-@@ -199,6 +241,10 @@
+@@ -199,6 +242,10 @@
optional_policy(`
razor_domtrans(spamd_t)
@@ -25956,7 +26137,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -213,3 +259,121 @@
+@@ -213,3 +260,121 @@
optional_policy(`
udev_read_db(spamd_t)
')
@@ -26078,9 +26259,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ sendmail_stub(spamc_t)
+ sendmail_rw_pipes(spamc_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.5.6/policy/modules/services/squid.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.5.7/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/squid.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/squid.fc 2008-09-08 10:19:45.000000000 -0400
@@ -12,3 +12,8 @@
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
@@ -26090,9 +26271,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/squid -- gen_context(system_u:object_r:squid_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.5.6/policy/modules/services/squid.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.5.7/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/squid.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/squid.if 2008-09-08 10:19:45.000000000 -0400
@@ -131,3 +131,114 @@
interface(`squid_use',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -26208,9 +26389,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 squid_t:process signal;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.5.6/policy/modules/services/squid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.5.7/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/squid.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/squid.te 2008-09-08 10:19:45.000000000 -0400
@@ -31,12 +31,15 @@
type squid_var_run_t;
files_pid_file(squid_var_run_t)
@@ -26296,18 +26477,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ corenet_all_recvfrom_unlabeled(httpd_squid_script_t)
+ corenet_all_recvfrom_netlabel(httpd_squid_script_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.5.6/policy/modules/services/ssh.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.5.7/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ssh.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ssh.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,4 @@
-HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
+HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0)
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.6/policy/modules/services/ssh.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.7/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ssh.if 2008-09-04 13:51:46.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ssh.if 2008-09-08 10:19:45.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -26544,9 +26725,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_tmp($1)
+ delete_files_pattern($1, ssh_tmp_t, ssh_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.5.6/policy/modules/services/ssh.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.5.7/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/ssh.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/ssh.te 2008-09-08 10:19:45.000000000 -0400
@@ -24,7 +24,7 @@
# Type for the ssh-agent executable.
@@ -26607,9 +26788,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_shell_domtrans(sshd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.5.6/policy/modules/services/stunnel.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.5.7/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/stunnel.te 2008-09-04 10:48:02.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/stunnel.te 2008-09-08 10:19:45.000000000 -0400
@@ -54,6 +54,8 @@
kernel_read_system_state(stunnel_t)
kernel_read_network_state(stunnel_t)
@@ -26619,9 +26800,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(stunnel_t)
corenet_all_recvfrom_netlabel(stunnel_t)
corenet_tcp_sendrecv_all_if(stunnel_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.6/policy/modules/services/telnet.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.7/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/telnet.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/telnet.te 2008-09-08 10:19:45.000000000 -0400
@@ -89,15 +89,19 @@
userdom_search_unpriv_users_home_dirs(telnetd_t)
@@ -26646,9 +26827,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_manage_cifs_files(telnetd_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.5.6/policy/modules/services/tftp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.5.7/policy/modules/services/tftp.if
--- nsaserefpolicy/policy/modules/services/tftp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/tftp.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/tftp.if 2008-09-08 10:19:45.000000000 -0400
@@ -20,10 +20,10 @@
allow $1 tftpd_t:process { ptrace signal_perms getattr };
ps_process_pattern($1, tftpd_t)
@@ -26663,9 +26844,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, tftpd_var_run_t, tftpd_var_run_t)
+ admin_pattern($1, tftpd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.5.6/policy/modules/services/tftp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.5.7/policy/modules/services/tftp.te
--- nsaserefpolicy/policy/modules/services/tftp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/tftp.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/tftp.te 2008-09-08 10:19:45.000000000 -0400
@@ -37,7 +37,6 @@
allow tftpd_t self:udp_socket create_socket_perms;
allow tftpd_t self:unix_dgram_socket create_socket_perms;
@@ -26710,18 +26891,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(tftpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.5.6/policy/modules/services/tor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.5.7/policy/modules/services/tor.fc
--- nsaserefpolicy/policy/modules/services/tor.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/tor.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/tor.fc 2008-09-08 10:19:45.000000000 -0400
@@ -6,3 +6,5 @@
/var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
/var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0)
/var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0)
+
+/etc/rc\.d/init\.d/tor -- gen_context(system_u:object_r:tor_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.5.6/policy/modules/services/tor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.5.7/policy/modules/services/tor.if
--- nsaserefpolicy/policy/modules/services/tor.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/tor.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/tor.if 2008-09-08 10:19:45.000000000 -0400
@@ -20,6 +20,25 @@
########################################
@@ -26781,9 +26962,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, tor_var_run_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.5.6/policy/modules/services/tor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.5.7/policy/modules/services/tor.te
--- nsaserefpolicy/policy/modules/services/tor.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/tor.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/tor.te 2008-09-08 10:19:45.000000000 -0400
@@ -26,11 +26,15 @@
type tor_var_run_t;
files_pid_file(tor_var_run_t)
@@ -26816,9 +26997,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
seutil_sigchld_newrole(tor_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.5.6/policy/modules/services/uucp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.5.7/policy/modules/services/uucp.if
--- nsaserefpolicy/policy/modules/services/uucp.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/uucp.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/uucp.if 2008-09-08 10:19:45.000000000 -0400
@@ -84,18 +84,18 @@
ps_process_pattern($1, uucpd_t)
@@ -26844,9 +27025,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, uucpd_var_run_t, uucpd_var_run_t)
+ admin_pattern($1, uucpd_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.5.6/policy/modules/services/uucp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.5.7/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/uucp.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/uucp.te 2008-09-08 10:19:45.000000000 -0400
@@ -116,6 +116,8 @@
files_read_etc_files(uux_t)
@@ -26856,9 +27037,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_ld_so(uux_t)
libs_use_shared_libs(uux_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.5.6/policy/modules/services/virt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.5.7/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/virt.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/virt.fc 2008-09-08 10:19:45.000000000 -0400
@@ -9,3 +9,6 @@
/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
@@ -26866,9 +27047,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.5.6/policy/modules/services/virt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.5.7/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/virt.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/virt.if 2008-09-08 10:19:45.000000000 -0400
@@ -68,7 +68,7 @@
## </summary>
## </param>
@@ -26966,9 +27147,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
virt_manage_pid_files($1)
virt_manage_lib_files($1)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.5.6/policy/modules/services/virt.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.5.7/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/virt.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/virt.te 2008-09-08 10:19:45.000000000 -0400
@@ -1,6 +1,8 @@
policy_module(virt, 1.0.0)
@@ -27099,9 +27280,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(virtd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.6/policy/modules/services/xserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.7/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/xserver.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/xserver.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,13 +1,15 @@
#
# HOME_DIR
@@ -27173,9 +27354,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_suse',`
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.6/policy/modules/services/xserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.7/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/xserver.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/xserver.if 2008-09-08 10:19:45.000000000 -0400
@@ -16,6 +16,7 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -28318,9 +28499,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- typeattribute $1 xserver_unconfined_type;
+ dontaudit $1 xdm_home_t:file rw_file_perms;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.6/policy/modules/services/xserver.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.7/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/xserver.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/xserver.te 2008-09-08 10:19:45.000000000 -0400
@@ -8,6 +8,14 @@
## <desc>
@@ -28818,18 +28999,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.5.6/policy/modules/services/zabbix.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.5.7/policy/modules/services/zabbix.fc
--- nsaserefpolicy/policy/modules/services/zabbix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zabbix.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zabbix.fc 2008-09-08 10:19:45.000000000 -0400
@@ -3,3 +3,5 @@
/var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0)
/var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0)
+
+/etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.5.6/policy/modules/services/zabbix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.5.7/policy/modules/services/zabbix.if
--- nsaserefpolicy/policy/modules/services/zabbix.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zabbix.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zabbix.if 2008-09-08 10:19:45.000000000 -0400
@@ -79,6 +79,25 @@
########################################
@@ -28882,9 +29063,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, zabbix_var_run_t, zabbix_var_run_t)
+ admin_pattern($1, zabbix_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.5.6/policy/modules/services/zabbix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.5.7/policy/modules/services/zabbix.te
--- nsaserefpolicy/policy/modules/services/zabbix.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zabbix.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zabbix.te 2008-09-08 10:19:45.000000000 -0400
@@ -18,6 +18,9 @@
type zabbix_var_run_t;
files_pid_file(zabbix_var_run_t)
@@ -28895,9 +29076,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# zabbix local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.5.6/policy/modules/services/zebra.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.5.7/policy/modules/services/zebra.fc
--- nsaserefpolicy/policy/modules/services/zebra.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zebra.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zebra.fc 2008-09-08 10:19:45.000000000 -0400
@@ -14,3 +14,10 @@
/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
@@ -28909,9 +29090,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/ripd -- gen_context(system_u:object_r:zebra_script_exec_t,s0)
+/etc/rc\.d/init\.d/ripngd -- gen_context(system_u:object_r:zebra_script_exec_t,s0)
+/etc/rc\.d/init\.d/zebra -- gen_context(system_u:object_r:zebra_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.5.6/policy/modules/services/zebra.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.5.7/policy/modules/services/zebra.if
--- nsaserefpolicy/policy/modules/services/zebra.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zebra.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zebra.if 2008-09-08 10:19:45.000000000 -0400
@@ -24,6 +24,26 @@
########################################
@@ -28973,9 +29154,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, zebra_var_run_t, zebra_var_run_t)
+ admin_pattern($1, zebra_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.5.6/policy/modules/services/zebra.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.5.7/policy/modules/services/zebra.te
--- nsaserefpolicy/policy/modules/services/zebra.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/services/zebra.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/services/zebra.te 2008-09-08 10:19:45.000000000 -0400
@@ -30,6 +30,9 @@
type zebra_var_run_t;
files_pid_file(zebra_var_run_t)
@@ -29003,9 +29184,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls(zebra_t)
kernel_rw_net_sysctls(zebra_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.5.6/policy/modules/system/application.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.5.7/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/application.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/application.te 2008-09-08 10:19:45.000000000 -0400
@@ -7,6 +7,12 @@
# Executables to be run by user
attribute application_exec_type;
@@ -29019,9 +29200,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.5.6/policy/modules/system/authlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.5.7/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/authlogin.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/authlogin.fc 2008-09-08 10:19:45.000000000 -0400
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -29048,9 +29229,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
+
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.5.6/policy/modules/system/authlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.5.7/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/authlogin.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/authlogin.if 2008-09-08 10:19:45.000000000 -0400
@@ -56,10 +56,6 @@
miscfiles_read_localization($1_chkpwd_t)
@@ -29311,9 +29492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ manage_files_pattern($1, auth_cache_t, auth_cache_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.5.6/policy/modules/system/authlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.5.7/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/authlogin.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/authlogin.te 2008-09-08 10:19:45.000000000 -0400
@@ -59,6 +59,9 @@
type utempter_exec_t;
application_domain(utempter_t,utempter_exec_t)
@@ -29413,9 +29594,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xserver_use_xdm_fds(utempter_t)
xserver_rw_xdm_pipes(utempter_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.5.6/policy/modules/system/fstools.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.5.7/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/fstools.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/fstools.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -29429,9 +29610,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.5.6/policy/modules/system/fstools.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.5.7/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2008-08-14 10:07:04.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/fstools.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/fstools.te 2008-09-08 10:19:45.000000000 -0400
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -29453,9 +29634,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(fsadm_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.5.6/policy/modules/system/hostname.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.5.7/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/hostname.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/hostname.te 2008-09-08 10:19:45.000000000 -0400
@@ -8,7 +8,9 @@
type hostname_t;
@@ -29467,9 +29648,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
role system_r types hostname_t;
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.5.6/policy/modules/system/init.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.5.7/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/init.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/init.fc 2008-09-08 10:19:45.000000000 -0400
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -29489,9 +29670,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /var
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.5.6/policy/modules/system/init.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.5.7/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/init.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/init.if 2008-09-08 10:19:45.000000000 -0400
@@ -278,6 +278,27 @@
kernel_dontaudit_use_fds($1)
')
@@ -29745,9 +29926,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ range_transition $1 $2:process s0 - mls_systemhigh;
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.6/policy/modules/system/init.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.7/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/init.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/init.te 2008-09-08 10:19:45.000000000 -0400
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart,false)
@@ -29839,7 +30020,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
can_exec(initrc_t, init_script_file_type)
-@@ -276,7 +303,7 @@
+@@ -232,6 +259,7 @@
+
+ allow initrc_t initrc_var_run_t:file manage_file_perms;
+ files_pid_filetrans(initrc_t,initrc_var_run_t,file)
++files_manage_generic_pids_symlinks(initrc_t)
+
+ can_exec(initrc_t,initrc_tmp_t)
+ allow initrc_t initrc_tmp_t:file manage_file_perms;
+@@ -276,7 +304,7 @@
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
dev_setattr_all_chr_files(initrc_t)
@@ -29848,7 +30037,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -521,6 +548,31 @@
+@@ -521,6 +549,31 @@
')
')
@@ -29880,7 +30069,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -579,6 +631,10 @@
+@@ -579,6 +632,10 @@
dbus_read_config(initrc_t)
optional_policy(`
@@ -29891,7 +30080,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
networkmanager_dbus_chat(initrc_t)
')
')
-@@ -664,12 +720,6 @@
+@@ -664,12 +721,6 @@
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
')
@@ -29904,7 +30093,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ifdef(`distro_redhat',`
-@@ -730,6 +780,9 @@
+@@ -730,6 +781,9 @@
# why is this needed:
rpm_manage_db(initrc_t)
@@ -29914,7 +30103,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -742,10 +795,12 @@
+@@ -742,10 +796,12 @@
squid_manage_logs(initrc_t)
')
@@ -29927,7 +30116,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -763,6 +818,11 @@
+@@ -763,6 +819,11 @@
uml_setattr_util_sockets(initrc_t)
')
@@ -29939,7 +30128,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
unconfined_domain(initrc_t)
-@@ -777,6 +837,10 @@
+@@ -777,6 +838,10 @@
')
optional_policy(`
@@ -29950,7 +30139,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
vmware_read_system_config(initrc_t)
vmware_append_system_config(initrc_t)
')
-@@ -799,3 +863,11 @@
+@@ -799,3 +864,11 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -29962,9 +30151,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_rw_xdm_home_files(daemon)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.6/policy/modules/system/iscsi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.5.7/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/iscsi.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/iscsi.te 2008-09-08 10:19:45.000000000 -0400
@@ -28,7 +28,7 @@
# iscsid local policy
#
@@ -29974,9 +30163,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow iscsid_t self:process { setrlimit setsched signal };
allow iscsid_t self:fifo_file { read write };
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.6/policy/modules/system/libraries.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.7/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/libraries.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/libraries.fc 2008-09-08 10:19:45.000000000 -0400
@@ -66,6 +66,8 @@
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
@@ -30031,7 +30220,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +297,8 @@
+@@ -267,6 +273,8 @@
+ /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
++/usr/lib(64)?/(virtualbox(-ose)?/)?(components/)?VBox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
+ # Java, Sun Microsystems (JPackage SRPM)
+ /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -291,6 +299,8 @@
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30040,7 +30238,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') dnl end distro_redhat
#
-@@ -310,3 +318,13 @@
+@@ -310,3 +320,13 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
@@ -30054,9 +30252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/oracle/.*/lib/libnnz10\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/opt/novell/groupwise/client/lib/libgwapijni\.so\.1 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.5.6/policy/modules/system/libraries.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.5.7/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/libraries.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/libraries.te 2008-09-08 10:19:45.000000000 -0400
@@ -52,11 +52,11 @@
# ldconfig local policy
#
@@ -30113,9 +30311,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(ldconfig_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.5.6/policy/modules/system/locallogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.5.7/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/locallogin.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/locallogin.te 2008-09-08 10:19:45.000000000 -0400
@@ -100,7 +100,6 @@
auth_rw_login_records(local_login_t)
@@ -30184,9 +30382,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
- nscd_socket_use(sulogin_t)
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.6/policy/modules/system/logging.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.7/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/logging.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/logging.fc 2008-09-08 10:19:45.000000000 -0400
@@ -63,3 +63,6 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
@@ -30194,9 +30392,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_script_exec_t,s0)
+/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.6/policy/modules/system/logging.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.7/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-09-03 14:55:50.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/logging.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/logging.if 2008-09-08 10:19:45.000000000 -0400
@@ -281,7 +281,7 @@
role system_r types $1;
@@ -30308,9 +30506,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- logging_admin_syslog($1)
+ logging_admin_syslog($1, $2, $3)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.6/policy/modules/system/logging.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.7/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2008-09-03 10:17:00.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/logging.te 2008-09-04 08:47:19.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/logging.te 2008-09-08 10:19:45.000000000 -0400
@@ -72,6 +72,12 @@
logging_log_file(var_log_t)
files_mountpoint(var_log_t)
@@ -30340,9 +30538,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(audisp_remote_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.5.6/policy/modules/system/lvm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.5.7/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/lvm.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/lvm.fc 2008-09-08 10:19:45.000000000 -0400
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -30356,9 +30554,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.5.6/policy/modules/system/lvm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.5.7/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/lvm.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/lvm.te 2008-09-08 10:19:45.000000000 -0400
@@ -13,6 +13,9 @@
type clvmd_var_run_t;
files_pid_file(clvmd_var_run_t)
@@ -30539,9 +30737,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_append_log(lvm_t)
+ xen_dontaudit_rw_unix_stream_sockets(lvm_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.5.6/policy/modules/system/modutils.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.5.7/policy/modules/system/modutils.if
--- nsaserefpolicy/policy/modules/system/modutils.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/modutils.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/modutils.if 2008-09-08 10:19:45.000000000 -0400
@@ -66,6 +66,25 @@
########################################
@@ -30576,9 +30774,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.5.6/policy/modules/system/modutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.5.7/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/modutils.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/modutils.te 2008-09-08 10:19:45.000000000 -0400
@@ -22,6 +22,8 @@
type insmod_exec_t;
application_domain(insmod_t,insmod_exec_t)
@@ -30717,9 +30915,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.5.6/policy/modules/system/mount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.5.7/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/mount.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/mount.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,6 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -30728,9 +30926,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/sbin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
+/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.5.6/policy/modules/system/mount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.5.7/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/mount.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/mount.if 2008-09-08 10:19:45.000000000 -0400
@@ -49,6 +49,8 @@
mount_domtrans($1)
role $2 types mount_t;
@@ -30740,9 +30938,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
samba_run_smbmount($1, $2, $3)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.5.6/policy/modules/system/mount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.5.7/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/mount.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/mount.te 2008-09-08 10:19:45.000000000 -0400
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -30901,9 +31099,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hal_rw_pipes(mount_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.5.6/policy/modules/system/raid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.5.7/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/raid.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/raid.te 2008-09-08 10:19:45.000000000 -0400
@@ -39,6 +39,7 @@
dev_dontaudit_getattr_generic_files(mdadm_t)
dev_dontaudit_getattr_generic_chr_files(mdadm_t)
@@ -30912,9 +31110,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.5.6/policy/modules/system/selinuxutil.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.5.7/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/selinuxutil.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/selinuxutil.fc 2008-09-08 10:19:45.000000000 -0400
@@ -38,7 +38,7 @@
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -30933,9 +31131,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# /var/lib
+#
+/var/lib/selinux(/.*)? gen_context(system_u:object_r:selinux_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.5.6/policy/modules/system/selinuxutil.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.5.7/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/selinuxutil.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/selinuxutil.if 2008-09-08 10:19:45.000000000 -0400
@@ -555,6 +555,59 @@
########################################
@@ -31396,9 +31594,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hotplug_use_fds($1)
+')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.6/policy/modules/system/selinuxutil.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.7/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/selinuxutil.te 2008-09-04 16:04:28.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/selinuxutil.te 2008-09-08 10:19:45.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -31580,12 +31778,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# netfilter_contexts:
seutil_manage_default_contexts(semanage_t)
-@@ -501,12 +464,25 @@
+@@ -501,12 +464,27 @@
files_read_var_lib_symlinks(semanage_t)
')
+optional_policy(`
+ setrans_script_domtrans(semanage_t)
++ domain_system_change_exemption(semanage_t)
++ consoletype_exec(semanage_t)
+')
+
+optional_policy(`
@@ -31606,7 +31806,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# cjp: need a more general way to handle this:
ifdef(`enable_mls',`
# read secadm tmp files
-@@ -514,121 +490,42 @@
+@@ -514,121 +492,42 @@
# Handle pp files created in homedir and /tmp
sysadm_read_home_content_files(semanage_t)
sysadm_read_tmp_files(semanage_t)
@@ -31751,18 +31951,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- hotplug_use_fds(setfiles_t)
+ unconfined_domain(setfiles_mac_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.5.6/policy/modules/system/setrans.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.5.7/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/setrans.fc 2008-09-04 16:00:18.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/setrans.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,3 +1,5 @@
/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
/var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
+
+/etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_script_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.5.6/policy/modules/system/setrans.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.5.7/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/setrans.if 2008-09-04 16:01:16.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/setrans.if 2008-09-08 10:19:45.000000000 -0400
@@ -21,3 +21,23 @@
stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
files_list_pids($1)
@@ -31787,9 +31987,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ init_script_domtrans_spec($1, setrans_script_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.5.6/policy/modules/system/setrans.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.5.7/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/setrans.te 2008-09-04 15:59:46.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/setrans.te 2008-09-08 10:19:45.000000000 -0400
@@ -14,6 +14,9 @@
files_pid_file(setrans_var_run_t)
mls_trusted_object(setrans_var_run_t)
@@ -31817,18 +32017,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
selinux_compute_access_vector(setrans_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.6/policy/modules/system/sysnetwork.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.7/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/sysnetwork.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/sysnetwork.fc 2008-09-08 10:19:45.000000000 -0400
@@ -57,3 +57,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
')
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.6/policy/modules/system/sysnetwork.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.7/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/sysnetwork.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/sysnetwork.if 2008-09-08 10:19:45.000000000 -0400
@@ -553,6 +553,7 @@
type net_conf_t;
')
@@ -31907,9 +32107,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ role_transition $1 dhcpc_exec_t system_r;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.6/policy/modules/system/sysnetwork.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.7/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-08-11 11:23:34.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/sysnetwork.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/sysnetwork.te 2008-09-08 10:19:45.000000000 -0400
@@ -20,6 +20,10 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -32091,9 +32291,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_xen_state(ifconfig_t)
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.6/policy/modules/system/udev.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.7/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/udev.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/udev.if 2008-09-08 10:19:45.000000000 -0400
@@ -96,6 +96,24 @@
########################################
@@ -32147,9 +32347,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- allow $1 udev_tdb_t:file rw_file_perms;
+ allow $1 udev_tbl_t:file rw_file_perms;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.6/policy/modules/system/udev.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.7/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/udev.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/udev.te 2008-09-08 10:19:45.000000000 -0400
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -32205,9 +32405,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
xserver_read_xdm_pid(udev_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.6/policy/modules/system/unconfined.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.7/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/unconfined.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/unconfined.fc 2008-09-08 10:19:45.000000000 -0400
@@ -2,15 +2,11 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -32246,9 +32446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/libexec/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.6/policy/modules/system/unconfined.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.7/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/unconfined.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/unconfined.if 2008-09-08 10:19:45.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -32592,9 +32792,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_role_change_template(unconfined, $1)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.6/policy/modules/system/unconfined.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.7/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/unconfined.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/unconfined.te 2008-09-08 10:19:45.000000000 -0400
@@ -1,40 +1,80 @@
-policy_module(unconfined, 2.3.1)
@@ -32929,9 +33129,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# Allow SELinux aware applications to request rpm_script execution
+rpm_transition_script(unconfined_notrans_t)
+domain_ptrace_all_domains(unconfined_notrans_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.6/policy/modules/system/userdomain.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.7/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/userdomain.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/userdomain.fc 2008-09-08 10:19:45.000000000 -0400
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -32942,9 +33142,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
+/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.6/policy/modules/system/userdomain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.7/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/userdomain.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/userdomain.if 2008-09-08 10:19:45.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -35504,9 +35704,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ dontaudit $1 user_home_t:file unlink;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.6/policy/modules/system/userdomain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.7/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/userdomain.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/userdomain.te 2008-09-08 10:19:45.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -35621,9 +35821,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_fifo_files_pattern(privhome, cifs_t, cifs_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.6/policy/modules/system/xen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.7/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/xen.fc 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/xen.fc 2008-09-08 10:19:45.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -35632,9 +35832,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.6/policy/modules/system/xen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.7/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/xen.if 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/xen.if 2008-09-08 10:19:45.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -35676,9 +35876,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 xend_var_lib_t:dir search_dir_perms;
+ rw_files_pattern($1, xen_image_t, xen_image_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.6/policy/modules/system/xen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.7/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.6/policy/modules/system/xen.te 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/modules/system/xen.te 2008-09-08 10:19:45.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -35915,9 +36115,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(xend_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.6/policy/support/file_patterns.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.7/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/support/file_patterns.spt 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/support/file_patterns.spt 2008-09-08 10:19:45.000000000 -0400
@@ -537,3 +537,18 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -35937,9 +36137,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ relabel_sock_files_pattern($1,$2,$2)
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.6/policy/support/obj_perm_sets.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.7/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/support/obj_perm_sets.spt 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/support/obj_perm_sets.spt 2008-09-08 10:19:45.000000000 -0400
@@ -316,3 +316,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -35954,9 +36154,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.6/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.7/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.6/policy/users 2008-09-03 15:55:23.000000000 -0400
++++ serefpolicy-3.5.7/policy/users 2008-09-08 10:19:45.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ee68dbb..166e57d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -16,8 +16,8 @@
%define CHECKPOLICYVER 2.0.16-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.5.6
-Release: 2%{?dist}
+Version: 3.5.7
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -290,6 +290,7 @@ __eof
restorecon -R /root /var/log /var/run 2> /dev/null
else
semodule -s targeted -r moilscanner 2>/dev/null
+semodule -s targeted -r gamin 2>/dev/null
%loadpolicy targeted
%relabel targeted
fi
@@ -380,6 +381,9 @@ exit 0
%endif
%changelog
+* Fri Sep 5 2008 Dan Walsh <dwalsh@redhat.com> 3.5.7-1
+- Remove gamin policy
+
* Thu Sep 4 2008 Dan Walsh <dwalsh@redhat.com> 3.5.6-2
- Add tinyxs-max file system support
diff --git a/sources b/sources
index 50b926d..a615848 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3df6acf59f55a2b00b7757111baf474d serefpolicy-3.5.6.tgz
+08cbc69d40ae75771c6201f2812a2eba serefpolicy-3.5.7.tgz