diff --git a/.cvsignore b/.cvsignore
index 9053fff..73061b7 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -163,3 +163,4 @@ serefpolicy-3.6.5.tgz
serefpolicy-3.6.6.tgz
serefpolicy-3.6.7.tgz
serefpolicy-3.6.8.tgz
+serefpolicy-3.6.9.tgz
diff --git a/nsadiff b/nsadiff
index 3557048..68fd9bf 100755
--- a/nsadiff
+++ b/nsadiff
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.8 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.9 > /tmp/diff
diff --git a/policy-20090105.patch b/policy-20090105.patch
index d88174a..f4594fd 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.8/config/appconfig-mcs/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.9/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -22,15 +22,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.8/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.9/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/failsafe_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/failsafe_context 2009-03-12 11:23:09.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/guest_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/guest_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -38,9 +38,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:crond_t:s0 guest_r:guest_t:s0
+system_r:initrc_su_t:s0 guest_r:guest_t:s0
+guest_r:guest_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/root_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/root_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -55,18 +55,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.8/config/appconfig-mcs/seusers
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.9/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/seusers 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/seusers 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+root:unconfined_u:s0-mcs_systemhigh
+__default__:unconfined_u:s0-mcs_systemhigh
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/staff_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/staff_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -81,9 +81,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/unconfined_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/unconfined_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,4 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
@@ -97,15 +97,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:initrc_su_t:s0 unconfined_r:unconfined_t:s0
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.8/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.9/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.8/config/appconfig-mcs/userhelper_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/userhelper_context 2009-03-12 11:23:09.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/user_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/user_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -118,19 +118,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.8/config/appconfig-mcs/virtual_domain_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.9/config/appconfig-mcs/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_domain_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/virtual_domain_context 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:svirt_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.8/config/appconfig-mcs/virtual_image_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.9/config/appconfig-mcs/virtual_image_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/virtual_image_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/virtual_image_context 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+system_u:object_r:virt_image_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mcs/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.6.9/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mcs/xguest_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mcs/xguest_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -139,9 +139,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.8/config/appconfig-mls/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.9/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -163,17 +163,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mls/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.6.9/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/guest_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/guest_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.8/config/appconfig-mls/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.9/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/root_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/root_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -192,19 +192,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.8/config/appconfig-mls/virtual_domain_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.9/config/appconfig-mls/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mls/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/virtual_domain_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/virtual_domain_context 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:qemu_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.8/config/appconfig-mls/virtual_image_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.9/config/appconfig-mls/virtual_image_context
--- nsaserefpolicy/config/appconfig-mls/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/virtual_image_context 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/virtual_image_context 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+system_u:object_r:virt_image_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.6.8/config/appconfig-mls/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.6.9/config/appconfig-mls/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/config/appconfig-mls/xguest_u_default_contexts 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/config/appconfig-mls/xguest_u_default_contexts 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -213,9 +213,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.8/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.9/Makefile
--- nsaserefpolicy/Makefile 2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.8/Makefile 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/Makefile 2009-03-12 11:23:09.000000000 -0400
@@ -241,7 +241,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -278,9 +278,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
$(appdir)/%: $(appconf)/%
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.6.8/man/man8/httpd_selinux.8
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.6.9/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2009-03-05 09:22:34.000000000 -0500
-+++ serefpolicy-3.6.8/man/man8/httpd_selinux.8 2009-03-10 09:36:15.000000000 -0400
++++ serefpolicy-3.6.9/man/man8/httpd_selinux.8 2009-03-12 11:23:09.000000000 -0400
@@ -22,7 +22,7 @@
.EX
httpd_sys_content_t
@@ -304,22 +304,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
.EX
httpd_unconfined_script_exec_t
.EE
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.6.8/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors 2009-03-05 10:02:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/flask/access_vectors 2009-03-10 08:25:54.000000000 -0400
-@@ -157,6 +157,9 @@
-
- class sock_file
- inherits file
-+{
-+ open
-+}
-
- class fifo_file
- inherits file
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.8/policy/global_tunables
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.9/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/global_tunables 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/global_tunables 2009-03-12 11:23:09.000000000 -0400
@@ -61,15 +61,6 @@
## <desc>
@@ -349,9 +336,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_tunable(allow_console_login,false)
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.8/policy/mcs
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.9/policy/mcs
--- nsaserefpolicy/policy/mcs 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/mcs 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/mcs 2009-03-12 11:23:09.000000000 -0400
@@ -67,7 +67,8 @@
# Note that getattr on files is always permitted.
#
@@ -389,20 +376,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mlsconstrain process { transition dyntransition }
(( h1 dom h2 ) or ( t1 == mcssetcats ));
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.6.8/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/alsa.te 2009-03-10 08:25:54.000000000 -0400
-@@ -43,6 +43,7 @@
-
- dev_read_sound(alsa_t)
- dev_write_sound(alsa_t)
-+dev_read_sysfs(alsa_t)
-
- corecmd_exec_bin(alsa_t)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.8/policy/modules/admin/anaconda.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.9/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/anaconda.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/anaconda.te 2009-03-12 11:23:09.000000000 -0400
@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
@@ -411,9 +387,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.8/policy/modules/admin/certwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.9/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/certwatch.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/certwatch.te 2009-03-12 11:23:09.000000000 -0400
@@ -27,15 +27,20 @@
fs_list_inotifyfs(certwatch_t)
@@ -435,29 +411,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.6.8/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/consoletype.te 2009-03-10 08:25:54.000000000 -0400
-@@ -18,7 +18,7 @@
- # Local declarations
- #
-
--allow consoletype_t self:capability sys_admin;
-+allow consoletype_t self:capability { sys_admin sys_tty_config };
- allow consoletype_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
- allow consoletype_t self:fd use;
- allow consoletype_t self:fifo_file rw_fifo_file_perms;
-@@ -38,6 +38,7 @@
- fs_getattr_all_fs(consoletype_t)
- fs_search_auto_mountpoints(consoletype_t)
- fs_write_nfs_files(consoletype_t)
-+fs_list_inotifyfs(consoletype_t)
-
- mls_file_read_all_levels(consoletype_t)
- mls_file_write_all_levels(consoletype_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.6.8/policy/modules/admin/kismet.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.6.9/policy/modules/admin/kismet.if
--- nsaserefpolicy/policy/modules/admin/kismet.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/kismet.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/kismet.if 2009-03-12 11:23:09.000000000 -0400
@@ -16,6 +16,7 @@
')
@@ -466,9 +422,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.8/policy/modules/admin/kismet.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.9/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/kismet.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/kismet.te 2009-03-12 11:23:09.000000000 -0400
@@ -14,27 +14,36 @@
type kismet_var_run_t;
files_pid_file(kismet_var_run_t)
@@ -534,9 +490,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_use_user_terminals(kismet_t)
+userdom_read_user_tmpfs_files(kismet_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.8/policy/modules/admin/logrotate.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.9/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/logrotate.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/logrotate.te 2009-03-12 11:23:09.000000000 -0400
@@ -116,8 +116,9 @@
seutil_dontaudit_read_config(logrotate_t)
@@ -555,9 +511,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- squid_signal(logrotate_t)
+ squid_domtrans(logrotate_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.8/policy/modules/admin/logwatch.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.9/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/logwatch.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/logwatch.te 2009-03-12 11:23:09.000000000 -0400
@@ -43,6 +43,8 @@
kernel_read_fs_sysctls(logwatch_t)
kernel_read_kernel_sysctls(logwatch_t)
@@ -627,9 +583,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
samba_read_log(logwatch_t)
+ samba_read_share_files(logwatch_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.8/policy/modules/admin/mrtg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.9/policy/modules/admin/mrtg.te
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/mrtg.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/mrtg.te 2009-03-12 11:23:09.000000000 -0400
@@ -116,6 +116,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -638,26 +594,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`enable_mls',`
corenet_udp_sendrecv_lo_if(mrtg_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.8/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/netutils.te 2009-03-10 08:25:54.000000000 -0400
-@@ -128,6 +128,8 @@
- files_read_etc_files(ping_t)
- files_dontaudit_search_var(ping_t)
-
-+kernel_read_system_state(ping_t)
-+
- auth_use_nsswitch(ping_t)
-
- logging_send_syslog_msg(ping_t)
-@@ -146,6 +148,14 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.9/policy/modules/admin/netutils.te
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/netutils.te 2009-03-12 11:23:09.000000000 -0400
+@@ -152,6 +152,10 @@
')
optional_policy(`
-+ munin_append_log(ping_t)
-+')
-+
-+optional_policy(`
+ nagios_dontaudit_rw_pipes(ping_t)
+')
+
@@ -665,18 +608,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
pcmcia_use_cardmgr_fds(ping_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.6.8/policy/modules/admin/prelink.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.6.9/policy/modules/admin/prelink.fc
--- nsaserefpolicy/policy/modules/admin/prelink.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/prelink.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,3 +5,5 @@
/var/log/prelink\.log -- gen_context(system_u:object_r:prelink_log_t,s0)
/var/log/prelink(/.*)? gen_context(system_u:object_r:prelink_log_t,s0)
+
+/var/lib/misc/prelink\* -- gen_context(system_u:object_r:prelink_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.8/policy/modules/admin/prelink.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.9/policy/modules/admin/prelink.if
--- nsaserefpolicy/policy/modules/admin/prelink.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/prelink.if 2009-03-12 11:23:09.000000000 -0400
@@ -120,3 +120,23 @@
logging_search_logs($1)
manage_files_pattern($1, prelink_log_t, prelink_log_t)
@@ -701,9 +644,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_var_lib($1)
+ manage_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.8/policy/modules/admin/prelink.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.9/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/prelink.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/prelink.te 2009-03-12 11:23:09.000000000 -0400
@@ -21,12 +21,15 @@
type prelink_tmp_t;
files_tmp_file(prelink_tmp_t)
@@ -772,9 +715,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(prelink_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.8/policy/modules/admin/rpm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.9/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/rpm.fc 2009-03-12 11:23:09.000000000 -0400
@@ -3,6 +3,7 @@
/usr/bin/smart -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -814,9 +757,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# SuSE
ifdef(`distro_suse', `
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.8/policy/modules/admin/rpm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.9/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/rpm.if 2009-03-12 11:23:09.000000000 -0400
@@ -146,6 +146,24 @@
########################################
@@ -1147,9 +1090,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 rpm_t:process signull;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.8/policy/modules/admin/rpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.9/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/rpm.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/rpm.te 2009-03-12 11:23:09.000000000 -0400
@@ -31,6 +31,9 @@
files_type(rpm_var_lib_t)
typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -1365,9 +1308,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
java_domtrans_unconfined(rpm_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.8/policy/modules/admin/sudo.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.9/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/sudo.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/sudo.if 2009-03-12 11:23:09.000000000 -0400
@@ -32,6 +32,7 @@
gen_require(`
@@ -1503,9 +1446,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 sudodomain:process sigchld;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.6.8/policy/modules/admin/sudo.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.6.9/policy/modules/admin/sudo.te
--- nsaserefpolicy/policy/modules/admin/sudo.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/sudo.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/sudo.te 2009-03-12 11:23:09.000000000 -0400
@@ -4,6 +4,7 @@
########################################
#
@@ -1514,9 +1457,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type sudo_exec_t;
application_executable_file(sudo_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.8/policy/modules/admin/su.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.9/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/su.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/su.if 2009-03-12 11:23:09.000000000 -0400
@@ -90,15 +90,6 @@
miscfiles_read_localization($1_su_t)
@@ -1549,9 +1492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
domain_subj_id_change_exemption($1_su_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.8/policy/modules/admin/tmpreaper.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.9/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/tmpreaper.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/tmpreaper.te 2009-03-12 11:23:09.000000000 -0400
@@ -22,12 +22,16 @@
dev_read_urand(tmpreaper_t)
@@ -1596,9 +1539,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(tmpreaper_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.8/policy/modules/admin/usermanage.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.9/policy/modules/admin/usermanage.if
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/usermanage.if 2009-03-11 15:22:10.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/usermanage.if 2009-03-12 11:23:09.000000000 -0400
@@ -117,6 +117,24 @@
########################################
@@ -1632,9 +1575,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.8/policy/modules/admin/usermanage.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.9/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/usermanage.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/usermanage.te 2009-03-12 11:23:09.000000000 -0400
@@ -288,6 +288,7 @@
term_use_all_user_ttys(passwd_t)
term_use_all_user_ptys(passwd_t)
@@ -1680,52 +1623,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(useradd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.if serefpolicy-3.6.8/policy/modules/admin/vbetool.if
---- nsaserefpolicy/policy/modules/admin/vbetool.if 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/admin/vbetool.if 2009-03-10 08:25:54.000000000 -0400
-@@ -18,3 +18,28 @@
- corecmd_search_bin($1)
- domtrans_pattern($1, vbetool_exec_t, vbetool_t)
- ')
-+
-+########################################
-+## <summary>
-+## Execute vbetool in the vbetool domain, and
-+## allow the specified role the vbetool domain.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+## <param name="role">
-+## <summary>
-+## The role to be allowed the vbetool domain.
-+## </summary>
-+## </param>
-+#
-+interface(`vbetool_run',`
-+ gen_require(`
-+ type vbetool_t;
-+ ')
-+
-+ vbetool_domtrans($1)
-+ role $2 types vbetool_t;
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.8/policy/modules/admin/vbetool.te
---- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/vbetool.te 2009-03-10 08:25:54.000000000 -0400
-@@ -23,6 +23,9 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.9/policy/modules/admin/vbetool.te
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/admin/vbetool.te 2009-03-12 11:23:09.000000000 -0400
+@@ -23,6 +23,7 @@
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
+domain_mmap_low_type(vbetool_t)
-+domain_mmap_low(vbetool_t)
-+
- term_use_unallocated_ttys(vbetool_t)
+ domain_mmap_low(vbetool_t)
- miscfiles_read_localization(vbetool_t)
-@@ -32,3 +35,9 @@
+ term_use_unallocated_ttys(vbetool_t)
+@@ -34,3 +35,9 @@
hal_write_log(vbetool_t)
hal_dontaudit_append_lib_files(vbetool_t)
')
@@ -1735,117 +1644,38 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_write_pid(vbetool_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.6.8/policy/modules/admin/vpn.if
---- nsaserefpolicy/policy/modules/admin/vpn.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/admin/vpn.if 2009-03-10 08:25:54.000000000 -0400
-@@ -47,6 +47,24 @@
-
- ########################################
- ## <summary>
-+## Send VPN clients the kill signal.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`vpn_kill',`
-+ gen_require(`
-+ type vpnc_t;
-+ ')
-+
-+ allow $1 vpnc_t:process sigkill;
-+')
-+
-+########################################
-+## <summary>
- ## Send generic signals to VPN clients.
- ## </summary>
- ## <param name="domain">
-@@ -65,6 +83,24 @@
-
- ########################################
- ## <summary>
-+## Send signull to VPN clients.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`vpn_signull',`
-+ gen_require(`
-+ type vpnc_t;
-+ ')
-+
-+ allow $1 vpnc_t:process signull;
-+')
-+
-+########################################
-+## <summary>
- ## Send and receive messages from
- ## Vpnc over dbus.
- ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.fc serefpolicy-3.6.8/policy/modules/apps/cdrecord.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.fc serefpolicy-3.6.9/policy/modules/apps/cdrecord.fc
--- nsaserefpolicy/policy/modules/apps/cdrecord.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/cdrecord.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/cdrecord.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,4 +2,5 @@
# /usr
#
/usr/bin/cdrecord -- gen_context(system_u:object_r:cdrecord_exec_t,s0)
+/usr/bin/growisoifs -- gen_context(system_u:object_r:cdrecord_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.6.8/policy/modules/apps/games.if
---- nsaserefpolicy/policy/modules/apps/games.if 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/games.if 2009-03-10 08:25:54.000000000 -0400
-@@ -30,3 +30,22 @@
- ps_process_pattern($2, games_t)
- allow $2 games_t:process signal_perms;
- ')
-+
-+########################################
-+## <summary>
-+## Allow the specified domain to read/write
-+## games data.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`games_rw_data',`
-+ gen_require(`
-+ type games_data_t;
-+ ')
-+
-+ rw_files_pattern($1, games_data_t, games_data_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.fc serefpolicy-3.6.8/policy/modules/apps/git.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.fc serefpolicy-3.6.9/policy/modules/apps/git.fc
--- nsaserefpolicy/policy/modules/apps/git.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/git.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,3 @@
+/var/cache/cgit(/.*)? gen_context(system_u:object_r:httpd_git_content_rw_t,s0)
+/var/www/cgi-bin/cgit -- gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
+/var/lib/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.if serefpolicy-3.6.8/policy/modules/apps/git.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.if serefpolicy-3.6.9/policy/modules/apps/git.if
--- nsaserefpolicy/policy/modules/apps/git.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/git.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+## <summary></summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.te serefpolicy-3.6.8/policy/modules/apps/git.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/git.te serefpolicy-3.6.9/policy/modules/apps/git.te
--- nsaserefpolicy/policy/modules/apps/git.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/git.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/git.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,4 @@
+policy_module(git, 1.0)
+
+apache_content_template(git)
+permissive httpd_git_script_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.8/policy/modules/apps/gnome.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.9/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gnome.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,8 +1,12 @@
HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:gconf_home_t,s0)
@@ -1860,9 +1690,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
+# Don't use because toolchain is broken
+#/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.8/policy/modules/apps/gnome.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.9/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gnome.if 2009-03-12 11:23:09.000000000 -0400
@@ -89,5 +89,154 @@
allow $1 gnome_home_t:dir manage_dir_perms;
@@ -2018,9 +1848,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ # Connect to pulseaudit server
+ stream_connect_pattern($1, gnome_home_t, gnome_home_t, $2)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.8/policy/modules/apps/gnome.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.9/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gnome.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gnome.te 2009-03-12 11:23:09.000000000 -0400
@@ -9,16 +9,18 @@
attribute gnomedomain;
@@ -2049,9 +1879,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_user_home_content(gnome_home_t)
##############################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.6.8/policy/modules/apps/gpg.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.6.9/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gpg.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,5 +5,5 @@
/usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0)
@@ -2060,9 +1890,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
+/usr/lib(64)?/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.8/policy/modules/apps/gpg.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.9/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gpg.if 2009-03-12 11:23:09.000000000 -0400
@@ -30,7 +30,7 @@
# allow ps to show gpg
@@ -2090,9 +1920,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.8/policy/modules/apps/gpg.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.9/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/gpg.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/gpg.te 2009-03-12 11:23:09.000000000 -0400
@@ -60,7 +60,7 @@
allow gpg_t self:capability { ipc_lock setuid };
@@ -2190,9 +2020,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# GPG agent local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.8/policy/modules/apps/java.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.9/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/java.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,15 +2,16 @@
# /opt
#
@@ -2227,9 +2057,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/lib/opera(/.*)?/opera -- gen_context(system_u:object_r:java_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.8/policy/modules/apps/java.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.9/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.if 2009-03-11 15:31:03.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/java.if 2009-03-12 11:23:09.000000000 -0400
@@ -30,6 +30,7 @@
allow java_t $2:unix_stream_socket connectto;
@@ -2363,9 +2193,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_dontaudit_rw_tmpfs_files($1_java_t)
+ corecmd_bin_domtrans($1_java_t, $1_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.8/policy/modules/apps/java.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.9/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/java.te 2009-03-11 15:26:01.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/java.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,8 @@
typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -2419,15 +2249,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ rpm_domtrans(unconfined_java_t)
+ ')
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.8/policy/modules/apps/livecd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.9/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/livecd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.8/policy/modules/apps/livecd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.9/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/livecd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,50 @@
+
+## <summary>policy for livecd</summary>
@@ -2479,9 +2309,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ seutil_run_setfiles_mac(livecd_t, $2)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.8/policy/modules/apps/livecd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.9/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/livecd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/livecd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,26 @@
+policy_module(livecd, 1.0.0)
+
@@ -2509,20 +2339,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+seutil_domtrans_setfiles_mac(livecd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.6.8/policy/modules/apps/loadkeys.te
---- nsaserefpolicy/policy/modules/apps/loadkeys.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/loadkeys.te 2009-03-10 08:25:54.000000000 -0400
-@@ -40,6 +40,7 @@
- miscfiles_read_localization(loadkeys_t)
-
- userdom_use_user_ttys(loadkeys_t)
-+userdom_list_user_home_dirs(loadkeys_t)
-
- optional_policy(`
- nscd_dontaudit_search_pid(loadkeys_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.8/policy/modules/apps/mono.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.9/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/mono.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mono.if 2009-03-12 11:23:09.000000000 -0400
@@ -21,6 +21,103 @@
########################################
@@ -2636,9 +2455,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
corecmd_search_bin($1)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.8/policy/modules/apps/mono.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.9/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mono.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mono.te 2009-03-12 11:23:09.000000000 -0400
@@ -15,7 +15,7 @@
# Local policy
#
@@ -2656,9 +2475,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_rw_shm(mono_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.8/policy/modules/apps/mozilla.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.9/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mozilla.fc 2009-03-12 11:23:09.000000000 -0400
@@ -17,7 +17,6 @@
#
# /etc
@@ -2673,9 +2492,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.8/policy/modules/apps/mozilla.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.9/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mozilla.if 2009-03-12 11:23:09.000000000 -0400
@@ -82,8 +82,7 @@
type mozilla_home_t;
')
@@ -2686,9 +2505,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_search_user_home_dirs($1)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.8/policy/modules/apps/mozilla.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.9/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mozilla.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mozilla.te 2009-03-12 11:23:09.000000000 -0400
@@ -105,6 +105,7 @@
# Should not need other ports
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
@@ -2725,10 +2544,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
thunderbird_domtrans(mozilla_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.6.8/policy/modules/apps/mplayer.fc
---- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mplayer.fc 2009-03-10 08:25:54.000000000 -0400
-@@ -1,11 +1,7 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.6.9/policy/modules/apps/mplayer.fc
+--- nsaserefpolicy/policy/modules/apps/mplayer.fc 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/mplayer.fc 2009-03-12 11:26:15.000000000 -0400
+@@ -1,9 +1,4 @@
#
-# /etc
-#
@@ -2737,40 +2556,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#
# /usr
#
-+/usr/bin/vlc -- gen_context(system_u:object_r:mplayer_exec_t,s0)
/usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0)
- /usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
- /usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.6.8/policy/modules/apps/mplayer.if
---- nsaserefpolicy/policy/modules/apps/mplayer.if 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/mplayer.if 2009-03-10 08:25:54.000000000 -0400
-@@ -83,3 +83,23 @@
- read_files_pattern($1, mplayer_home_t, mplayer_home_t)
- userdom_search_user_home_dirs($1)
- ')
-+
-+########################################
-+## <summary>
-+## Execute mplayer in the caller domain.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+#
-+interface(`mplayer_exec',`
-+ gen_require(`
-+ type mplayer_exec_t;
-+ ')
-+
-+ can_exec($1, mplayer_exec_t)
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.8/policy/modules/apps/nsplugin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.9/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/nsplugin.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,12 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -2784,9 +2573,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.8/policy/modules/apps/nsplugin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.9/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/nsplugin.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,272 @@
+
+## <summary>policy for nsplugin</summary>
@@ -3060,9 +2849,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ manage_files_pattern($1, nsplugin_home_t, nsplugin_home_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.8/policy/modules/apps/nsplugin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.9/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/nsplugin.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/nsplugin.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,288 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -3352,16 +3141,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.8/policy/modules/apps/openoffice.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.9/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/openoffice.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.8/policy/modules/apps/openoffice.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.9/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/openoffice.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,92 @@
+## <summary>Openoffice</summary>
+
@@ -3455,9 +3244,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_common_x_domain_template($1, $1_openoffice_t)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.8/policy/modules/apps/openoffice.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.9/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/openoffice.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/openoffice.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(openoffice, 1.0.0)
@@ -3473,17 +3262,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.6.8/policy/modules/apps/podsleuth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.6.9/policy/modules/apps/podsleuth.fc
--- nsaserefpolicy/policy/modules/apps/podsleuth.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/podsleuth.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,2 +1,4 @@
/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/usr/libexec/hal-podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.6.8/policy/modules/apps/podsleuth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.6.9/policy/modules/apps/podsleuth.if
--- nsaserefpolicy/policy/modules/apps/podsleuth.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/podsleuth.if 2009-03-12 11:23:09.000000000 -0400
@@ -16,4 +16,32 @@
')
@@ -3517,9 +3306,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types podsleuth_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.8/policy/modules/apps/podsleuth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.9/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/podsleuth.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/podsleuth.te 2009-03-12 11:23:09.000000000 -0400
@@ -11,21 +11,59 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -3582,15 +3371,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(podsleuth_t)
dbus_system_bus_client(podsleuth_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.6.8/policy/modules/apps/pulseaudio.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.6.9/policy/modules/apps/pulseaudio.fc
--- nsaserefpolicy/policy/modules/apps/pulseaudio.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/pulseaudio.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.8/policy/modules/apps/pulseaudio.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.9/policy/modules/apps/pulseaudio.if
--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/pulseaudio.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,86 @@
+
+## <summary>policy for pulseaudio</summary>
@@ -3678,9 +3467,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_manage_tmp_role($1, pulseaudio_t)
+ userdom_manage_tmpfs_role($1, pulseaudio_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.8/policy/modules/apps/pulseaudio.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.9/policy/modules/apps/pulseaudio.te
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/pulseaudio.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/pulseaudio.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,88 @@
+policy_module(pulseaudio,1.0.0)
+
@@ -3770,17 +3559,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.8/policy/modules/apps/qemu.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.9/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/qemu.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,2 +1,2 @@
-/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
-/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.8/policy/modules/apps/qemu.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.9/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/qemu.if 2009-03-12 11:23:09.000000000 -0400
@@ -40,6 +40,93 @@
qemu_domtrans($1)
@@ -4087,9 +3876,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- ')
+ manage_files_pattern($1, qemu_tmp_t, qemu_tmp_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.8/policy/modules/apps/qemu.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.9/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/qemu.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/qemu.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,28 +13,83 @@
## </desc>
gen_tunable(qemu_full_network, false)
@@ -4182,23 +3971,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# qemu_unconfined local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.8/policy/modules/apps/sambagui.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.9/policy/modules/apps/sambagui.fc
--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/sambagui.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,4 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.8/policy/modules/apps/sambagui.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.9/policy/modules/apps/sambagui.if
--- nsaserefpolicy/policy/modules/apps/sambagui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/sambagui.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,2 @@
+## <summary>system-config-samba policy</summary>
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.8/policy/modules/apps/sambagui.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.9/policy/modules/apps/sambagui.te
--- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/sambagui.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/sambagui.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,59 @@
+policy_module(sambagui,1.0.0)
+
@@ -4259,30 +4048,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+permissive sambagui_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.6.8/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/slocate.te 2009-03-10 08:25:54.000000000 -0400
-@@ -22,7 +22,7 @@
- #
-
- allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
--allow locate_t self:process { execmem execheap execstack };
-+allow locate_t self:process { execmem execheap execstack signal };
- allow locate_t self:fifo_file rw_fifo_file_perms;
- allow locate_t self:unix_stream_socket create_socket_perms;
-
-@@ -46,6 +46,8 @@
-
- fs_getattr_all_fs(locate_t)
- fs_getattr_all_files(locate_t)
-+fs_getattr_all_pipes(locate_t)
-+fs_getattr_all_symlinks(locate_t)
- fs_list_all(locate_t)
- fs_list_inotifyfs(locate_t)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.8/policy/modules/apps/wine.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.9/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wine.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,12 @@
-/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -4299,9 +4067,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/opt/cxoffice/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
-/opt/picasa/wine/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.8/policy/modules/apps/wine.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.9/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wine.if 2009-03-12 11:23:09.000000000 -0400
@@ -43,3 +43,62 @@
wine_domtrans($1)
role $2 types wine_t;
@@ -4365,9 +4133,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ relabel_files_pattern($2, wine_home_t, wine_home_t)
+ relabel_lnk_files_pattern($2, wine_home_t, wine_home_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.8/policy/modules/apps/wine.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.9/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wine.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wine.te 2009-03-12 11:23:09.000000000 -0400
@@ -9,6 +9,7 @@
type wine_t;
type wine_exec_t;
@@ -4394,16 +4162,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_rw_shm(wine_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.6.8/policy/modules/apps/wm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.6.9/policy/modules/apps/wm.fc
--- nsaserefpolicy/policy/modules/apps/wm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wm.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/openbox -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/metacity -- gen_context(system_u:object_r:wm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.6.8/policy/modules/apps/wm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.6.9/policy/modules/apps/wm.if
--- nsaserefpolicy/policy/modules/apps/wm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wm.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,108 @@
+## <summary>Window Manager.</summary>
+
@@ -4513,9 +4281,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_use_xdm($1_wm_t)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.8/policy/modules/apps/wm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.9/policy/modules/apps/wm.te
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/apps/wm.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/apps/wm.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,9 @@
+policy_module(wm,0.0.4)
+
@@ -4526,9 +4294,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+type wm_exec_t;
+corecmd_executable_file(wm_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.8/policy/modules/kernel/corecommands.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.9/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-03-05 10:34:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/corecommands.fc 2009-03-12 11:23:09.000000000 -0400
@@ -134,6 +134,8 @@
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -4553,9 +4321,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/wicd/monitor.py -- gen_context(system_u:object_r:bin_t, s0)
+
+/usr/lib(64)?/nspluginwrapper/np.* gen_context(system_u:object_r:bin_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.8/policy/modules/kernel/corecommands.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.9/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corecommands.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/corecommands.if 2009-03-12 11:23:09.000000000 -0400
@@ -893,6 +893,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -4564,9 +4332,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.6.8/policy/modules/kernel/corenetwork.if.in
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.6.9/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.if.in 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/corenetwork.if.in 2009-03-12 11:23:09.000000000 -0400
@@ -1612,6 +1612,24 @@
########################################
@@ -4617,9 +4385,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read and write the point-to-point device.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.9/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/corenetwork.te.in 2009-03-11 15:16:21.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/corenetwork.te.in 2009-03-12 11:23:09.000000000 -0400
@@ -65,10 +65,12 @@
type server_packet_t, packet_type, server_packet_type;
@@ -4750,9 +4518,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# network_node examples:
#network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.8/policy/modules/kernel/domain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.9/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/domain.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/domain.if 2009-03-12 11:23:09.000000000 -0400
@@ -629,6 +629,7 @@
dontaudit $1 unconfined_domain_type:dir search_dir_perms;
@@ -4824,9 +4592,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Unconfined access to domains.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.8/policy/modules/kernel/domain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.9/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/domain.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/domain.te 2009-03-12 11:23:09.000000000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -4941,9 +4709,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_relabelto_user_home_dirs(polydomain)
+ userdom_relabelto_user_home_files(polydomain)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.8/policy/modules/kernel/files.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.9/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/files.fc 2009-03-12 11:23:09.000000000 -0400
@@ -8,6 +8,8 @@
/initrd\.img.* -l gen_context(system_u:object_r:boot_t,s0)
/vmlinuz.* -l gen_context(system_u:object_r:boot_t,s0)
@@ -4970,9 +4738,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.8/policy/modules/kernel/files.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.9/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/files.if 2009-03-12 11:23:09.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -5288,9 +5056,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_lnk_files_pattern($1, root_t, root_t)
+ can_exec(kernel_t, root_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.8/policy/modules/kernel/files.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.9/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/files.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/files.te 2009-03-12 11:23:09.000000000 -0400
@@ -52,7 +52,9 @@
#
# etc_t is the type of the system etc directories.
@@ -5314,15 +5082,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.8/policy/modules/kernel/filesystem.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.9/policy/modules/kernel/filesystem.fc
--- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/filesystem.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1 +1 @@
-# This module currently does not have any file contexts.
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.8/policy/modules/kernel/filesystem.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.9/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-03-04 16:49:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/filesystem.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/filesystem.if 2009-03-12 11:23:09.000000000 -0400
@@ -754,6 +754,7 @@
attribute noxattrfs;
')
@@ -5355,9 +5123,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.8/policy/modules/kernel/kernel.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.9/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/kernel.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/kernel.if 2009-03-12 11:23:09.000000000 -0400
@@ -1197,6 +1197,26 @@
')
@@ -5481,9 +5249,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 kernel_t:unix_stream_socket connectto;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.8/policy/modules/kernel/kernel.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.9/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/kernel.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/kernel.te 2009-03-12 11:23:09.000000000 -0400
@@ -63,6 +63,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -5583,9 +5351,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
+
+files_boot(kernel_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.8/policy/modules/kernel/selinux.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.9/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/selinux.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/selinux.if 2009-03-12 11:23:09.000000000 -0400
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -5643,9 +5411,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_type($1)
+ mls_trusted_object($1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.8/policy/modules/kernel/terminal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.9/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/kernel/terminal.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/kernel/terminal.if 2009-03-12 11:23:09.000000000 -0400
@@ -173,7 +173,7 @@
dev_list_all_dev_nodes($1)
@@ -5667,185 +5435,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.6.8/policy/modules/roles/auditadm.te
---- nsaserefpolicy/policy/modules/roles/auditadm.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/auditadm.te 2009-03-10 08:25:54.000000000 -0400
-@@ -17,6 +17,8 @@
-
- allow auditadm_t self:capability { dac_read_search dac_override };
-
-+kernel_read_ring_buffer(auditadm_t)
-+
- corecmd_exec_shell(auditadm_t)
-
- domain_kill_all_domains(auditadm_t)
-@@ -32,158 +34,18 @@
- seutil_read_bin_policy(auditadm_t)
-
- optional_policy(`
-- apache_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- auth_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- bluetooth_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- cdrecord_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
- consoletype_exec(auditadm_t)
- ')
-
- optional_policy(`
-- cron_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- dbus_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
- dmesg_exec(auditadm_t)
- ')
-
- optional_policy(`
-- ethereal_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- evolution_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- games_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- gift_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- gpg_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- gnome_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- irc_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- java_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- lockdev_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- lpd_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- mozilla_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- mplayer_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- mta_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- oident_manage_user_content(auditadm_t)
-- oident_relabel_user_content(auditadm_t)
--')
--
--optional_policy(`
-- pyzor_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- razor_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- rssh_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- screen_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- spamassassin_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- ssh_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
- secadm_role_change(auditadm_r)
- ')
-
- optional_policy(`
-- su_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- sudo_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
- sysadm_role_change(auditadm_r)
- ')
-
--optional_policy(`
-- thunderbird_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- tvtime_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- userhelper_role_template(auditadm, auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- vmware_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- wireshark_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- uml_role(auditadm_r, auditadm_t)
--')
--
--optional_policy(`
-- xserver_role(auditadm_r, auditadm_t)
--')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.6.8/policy/modules/roles/guest.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.6.9/policy/modules/roles/guest.fc
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/guest.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.6.8/policy/modules/roles/guest.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.if serefpolicy-3.6.9/policy/modules/roles/guest.if
--- nsaserefpolicy/policy/modules/roles/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/guest.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,50 @@
+## <summary>Least privledge terminal user role</summary>
+
@@ -5897,9 +5494,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow guest_r $1;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.8/policy/modules/roles/guest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.9/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/guest.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/guest.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,26 @@
+
+policy_module(guest, 1.0.0)
@@ -5927,14 +5524,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+gen_user(guest_u, user, guest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.6.8/policy/modules/roles/logadm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.6.9/policy/modules/roles/logadm.fc
--- nsaserefpolicy/policy/modules/roles/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/logadm.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.6.8/policy/modules/roles/logadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.if serefpolicy-3.6.9/policy/modules/roles/logadm.if
--- nsaserefpolicy/policy/modules/roles/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/logadm.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,50 @@
+## <summary>Log administrator role</summary>
+
@@ -5986,9 +5583,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow logadm_r $1;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.6.8/policy/modules/roles/logadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.te serefpolicy-3.6.9/policy/modules/roles/logadm.te
--- nsaserefpolicy/policy/modules/roles/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/logadm.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/logadm.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,20 @@
+
+policy_module(logadm, 1.0.0)
@@ -6010,167 +5607,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
+logging_admin(logadm_t, logadm_r)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.6.8/policy/modules/roles/secadm.te
---- nsaserefpolicy/policy/modules/roles/secadm.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/secadm.te 2009-03-10 08:25:54.000000000 -0400
-@@ -45,154 +45,18 @@
- ')
-
- optional_policy(`
-- apache_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
- auditadm_role_change(secadm_r)
- ')
-
- optional_policy(`
-- bluetooth_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- cdrecord_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- cron_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- dbus_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
- dmesg_exec(secadm_t)
- ')
-
- optional_policy(`
-- ethereal_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- evolution_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- games_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- gift_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- gnome_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- gpg_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- irc_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- java_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- lockdev_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- lpd_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- mozilla_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- mplayer_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- mta_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
- netlabel_run_mgmt(secadm_t, secadm_r)
- ')
-
- optional_policy(`
-- oident_manage_user_content(secadm_t)
-- oident_relabel_user_content(secadm_t)
--')
--
--optional_policy(`
-- pyzor_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- razor_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- rssh_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- screen_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
-- spamassassin_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- ssh_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
-- su_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
-- sudo_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
- sysadm_role_change(secadm_r)
- ')
-
--optional_policy(`
-- thunderbird_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- tvtime_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- uml_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- userhelper_role_template(secadm, secadm_r, secadm_t)
--')
--
--optional_policy(`
-- vmware_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- wireshark_role(secadm_r, secadm_t)
--')
--
--optional_policy(`
-- xserver_role(secadm_r, secadm_t)
--')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.8/policy/modules/roles/staff.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.9/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/staff.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/staff.te 2009-03-12 11:23:09.000000000 -0400
@@ -15,156 +15,88 @@
# Local policy
#
@@ -6360,9 +5799,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- xserver_role(staff_r, staff_t)
+ virt_stream_connect(staff_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.8/policy/modules/roles/sysadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.9/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/sysadm.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/sysadm.if 2009-03-12 11:23:09.000000000 -0400
@@ -116,41 +116,6 @@
########################################
@@ -6405,9 +5844,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Allow sysadm to execute a generic bin program in
## a specified domain. This is an explicit transition,
## requiring the caller to use setexeccon().
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.8/policy/modules/roles/sysadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.9/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/sysadm.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/sysadm.te 2009-03-12 11:23:09.000000000 -0400
@@ -15,7 +15,7 @@
role sysadm_r;
@@ -6694,9 +6133,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
yam_run(sysadm_t, sysadm_r)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.8/policy/modules/roles/unprivuser.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.9/policy/modules/roles/unprivuser.te
--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/unprivuser.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/unprivuser.te 2009-03-12 11:23:09.000000000 -0400
@@ -14,142 +14,13 @@
userdom_unpriv_user_template(user)
@@ -6843,14 +6282,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- xserver_role(user_r, user_t)
+ setroubleshoot_dontaudit_stream_connect(user_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.6.8/policy/modules/roles/webadm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.6.9/policy/modules/roles/webadm.fc
--- nsaserefpolicy/policy/modules/roles/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/webadm.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+# No webadm file contexts.
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.6.8/policy/modules/roles/webadm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.if serefpolicy-3.6.9/policy/modules/roles/webadm.if
--- nsaserefpolicy/policy/modules/roles/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/webadm.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,50 @@
+## <summary>Web administrator role</summary>
+
@@ -6902,9 +6341,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow webadm_r $1;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.6.8/policy/modules/roles/webadm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.6.9/policy/modules/roles/webadm.te
--- nsaserefpolicy/policy/modules/roles/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/webadm.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/webadm.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,64 @@
+
+policy_module(webadm, 1.0.0)
@@ -6970,14 +6409,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_write_user_tmp_files(webadm_t)
+')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.6.8/policy/modules/roles/xguest.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.fc serefpolicy-3.6.9/policy/modules/roles/xguest.fc
--- nsaserefpolicy/policy/modules/roles/xguest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/xguest.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+# file contexts handled by userdomain and genhomedircon
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.6.8/policy/modules/roles/xguest.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.if serefpolicy-3.6.9/policy/modules/roles/xguest.if
--- nsaserefpolicy/policy/modules/roles/xguest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/xguest.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,50 @@
+## <summary>Least privledge xwindows user role</summary>
+
@@ -7029,9 +6468,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow xguest_r $1;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.8/policy/modules/roles/xguest.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.9/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/roles/xguest.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/roles/xguest.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,87 @@
+
+policy_module(xguest, 1.0.0)
@@ -7120,9 +6559,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+')
+gen_user(xguest_u, user, xguest_r, s0, s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.8/policy/modules/services/afs.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.9/policy/modules/services/afs.fc
--- nsaserefpolicy/policy/modules/services/afs.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/afs.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/afs.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0)
@@ -7144,9 +6583,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/vice/etc/afsd -- gen_context(system_u:object_r:afs_exec_t,s0)
+
+/var/cache/afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.8/policy/modules/services/afs.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.9/policy/modules/services/afs.if
--- nsaserefpolicy/policy/modules/services/afs.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/afs.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/afs.if 2009-03-12 11:23:09.000000000 -0400
@@ -1 +1,110 @@
## <summary>Andrew Filesystem server</summary>
+
@@ -7258,9 +6697,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $2 system_r;
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.8/policy/modules/services/afs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.9/policy/modules/services/afs.te
--- nsaserefpolicy/policy/modules/services/afs.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/afs.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/afs.te 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,16 @@
# Declarations
#
@@ -7325,9 +6764,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+logging_send_syslog_msg(afs_t)
+
+permissive afs_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.8/policy/modules/services/apache.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.9/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.fc 2009-03-10 16:56:25.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/apache.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,12 +1,13 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -7416,9 +6855,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
+
+/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.8/policy/modules/services/apache.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.9/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/apache.if 2009-03-12 11:23:09.000000000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -7951,9 +7390,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+ typeattribute $1 httpd_rw_content;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.8/policy/modules/services/apache.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.9/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/apache.te 2009-03-11 14:44:03.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/apache.te 2009-03-12 11:23:09.000000000 -0400
@@ -19,6 +19,8 @@
# Declarations
#
@@ -8659,9 +8098,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+typealias httpd_sys_script_rw_t alias httpd_fastcgi_script_rw_t;
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.6.8/policy/modules/services/apcupsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.6.9/policy/modules/services/apcupsd.fc
--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/apcupsd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/apcupsd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,6 +5,7 @@
')
@@ -8670,9 +8109,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.8/policy/modules/services/automount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.9/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/automount.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/automount.te 2009-03-12 11:23:09.000000000 -0400
@@ -71,6 +71,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -8714,9 +8153,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kerberos_read_config(automount_t)
kerberos_dontaudit_write_config(automount_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.6.8/policy/modules/services/avahi.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.6.9/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/avahi.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/avahi.if 2009-03-12 11:23:09.000000000 -0400
@@ -21,6 +21,25 @@
########################################
@@ -8768,9 +8207,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Send and receive messages from
## avahi over dbus.
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.8/policy/modules/services/avahi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.9/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/avahi.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/avahi.te 2009-03-12 11:23:09.000000000 -0400
@@ -33,6 +33,7 @@
allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms;
@@ -8787,9 +8226,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.8/policy/modules/services/bind.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.9/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bind.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,17 +1,22 @@
/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -8821,9 +8260,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
/var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0)
/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.8/policy/modules/services/bind.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.9/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bind.if 2009-03-12 11:23:09.000000000 -0400
@@ -38,6 +38,42 @@
########################################
@@ -8920,9 +8359,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_list_pids($1)
admin_pattern($1, named_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.8/policy/modules/services/bind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.9/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bind.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bind.te 2009-03-12 11:23:09.000000000 -0400
@@ -169,7 +169,7 @@
')
@@ -8932,9 +8371,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.6.8/policy/modules/services/bluetooth.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.6.9/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bluetooth.fc 2009-03-12 11:23:09.000000000 -0400
@@ -15,6 +15,7 @@
/usr/bin/hidd -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
/usr/bin/rfcomm -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
@@ -8943,9 +8382,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/hciattach -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
/usr/sbin/hcid -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
/usr/sbin/hid2hci -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.8/policy/modules/services/bluetooth.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.9/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bluetooth.if 2009-03-12 11:23:09.000000000 -0400
@@ -173,7 +173,7 @@
interface(`bluetooth_admin',`
gen_require(`
@@ -8965,9 +8404,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_list_var_lib($1)
admin_pattern($1, bluetooth_var_lib_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.8/policy/modules/services/bluetooth.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.9/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/bluetooth.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/bluetooth.te 2009-03-12 11:23:09.000000000 -0400
@@ -93,6 +93,7 @@
kernel_read_kernel_sysctls(bluetooth_t)
@@ -8989,9 +8428,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.8/policy/modules/services/certmaster.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.9/policy/modules/services/certmaster.fc
--- nsaserefpolicy/policy/modules/services/certmaster.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/certmaster.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,9 @@
+
+/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
@@ -9002,9 +8441,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
+
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.8/policy/modules/services/certmaster.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.9/policy/modules/services/certmaster.if
--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/certmaster.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,123 @@
+## <summary>policy for certmaster</summary>
+
@@ -9129,9 +8568,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_var_lib($1)
+ admin_pattern($1, certmaster_var_lib_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.8/policy/modules/services/certmaster.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.9/policy/modules/services/certmaster.te
--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/certmaster.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/certmaster.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,79 @@
+policy_module(certmaster,1.0.0)
+
@@ -9212,9 +8651,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_manage_cert_files(certmaster_t)
+
+permissive certmaster_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.8/policy/modules/services/clamav.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.9/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/clamav.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,20 +1,23 @@
/etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0)
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -9244,9 +8683,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.8/policy/modules/services/clamav.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.9/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/clamav.if 2009-03-12 11:23:09.000000000 -0400
@@ -38,6 +38,27 @@
########################################
@@ -9363,9 +8802,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, freshclam_var_log_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.8/policy/modules/services/clamav.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.9/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/clamav.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/clamav.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,7 +13,10 @@
# configuration files
@@ -9451,9 +8890,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
apache_read_sys_content(clamscan_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.8/policy/modules/services/consolekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.9/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/consolekit.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,6 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -9461,9 +8900,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/ConsoleKit(/.*)? -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
+
+/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.8/policy/modules/services/consolekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.9/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/consolekit.if 2009-03-12 11:23:09.000000000 -0400
@@ -38,3 +38,24 @@
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
@@ -9489,9 +8928,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.8/policy/modules/services/consolekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.9/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/consolekit.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/consolekit.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,6 +13,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -9601,9 +9040,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_dontaudit_rw_cifs_files(consolekit_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.8/policy/modules/services/courier.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.9/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/courier.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/courier.if 2009-03-12 11:23:09.000000000 -0400
@@ -179,6 +179,24 @@
########################################
@@ -9629,9 +9068,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Read and write to courier spool pipes.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.8/policy/modules/services/courier.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.9/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/courier.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/courier.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,6 +10,7 @@
type courier_etc_t;
@@ -9640,9 +9079,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
courier_domain_template(pcp)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.8/policy/modules/services/cron.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.9/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cron.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0)
@@ -9674,9 +9113,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
+
+/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.8/policy/modules/services/cron.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.9/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cron.if 2009-03-12 11:23:09.000000000 -0400
@@ -12,6 +12,10 @@
## </param>
#
@@ -9977,9 +9416,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ init_labeled_script_domtrans($1, crond_initrc_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.8/policy/modules/services/cron.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.9/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cron.te 2009-03-11 16:24:13.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cron.te 2009-03-12 11:23:09.000000000 -0400
@@ -38,6 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -10307,9 +9746,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`fcron_crond', `
allow crond_t user_cron_spool_t:file manage_file_perms;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.8/policy/modules/services/cups.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.9/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/cups.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cups.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,27 +5,38 @@
/etc/cups/classes\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/cupsd\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -10383,9 +9822,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.8/policy/modules/services/cups.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.9/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cups.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cups.if 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,30 @@
########################################
@@ -10510,9 +9949,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, hplip_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.8/policy/modules/services/cups.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.9/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cups.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cups.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,9 +20,18 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -10917,9 +10356,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_files_pattern(cups_pdf_t, cupsd_log_t, cupsd_log_t)
+miscfiles_read_fonts(cups_pdf_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.6.8/policy/modules/services/cvs.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.6.9/policy/modules/services/cvs.if
--- nsaserefpolicy/policy/modules/services/cvs.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cvs.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cvs.if 2009-03-12 11:23:09.000000000 -0400
@@ -15,7 +15,9 @@
type cvs_data_t;
')
@@ -10931,18 +10370,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.8/policy/modules/services/cvs.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.9/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/cvs.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/cvs.te 2009-03-12 11:23:09.000000000 -0400
@@ -112,4 +112,5 @@
read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.8/policy/modules/services/dbus.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.9/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dbus.fc 2009-03-12 11:23:09.000000000 -0400
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -10953,9 +10392,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.8/policy/modules/services/dbus.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.9/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dbus.if 2009-03-12 11:23:09.000000000 -0400
@@ -44,6 +44,7 @@
attribute session_bus_type;
@@ -11140,9 +10579,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 system_dbusd_t:tcp_socket { read write };
+ allow $1 system_dbusd_t:fd use;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.8/policy/modules/services/dbus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.9/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dbus.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dbus.te 2009-03-12 11:23:09.000000000 -0400
@@ -9,14 +9,15 @@
#
# Delcarations
@@ -11270,9 +10709,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_rw_shm(unconfined_dbusd_t)
+ ')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.8/policy/modules/services/dcc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.9/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dcc.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dcc.te 2009-03-12 11:23:09.000000000 -0400
@@ -137,6 +137,7 @@
corenet_all_recvfrom_unlabeled(dcc_client_t)
@@ -11281,9 +10720,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_udp_sendrecv_generic_if(dcc_client_t)
corenet_udp_sendrecv_generic_node(dcc_client_t)
corenet_udp_sendrecv_all_ports(dcc_client_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.8/policy/modules/services/devicekit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.9/policy/modules/services/devicekit.fc
--- nsaserefpolicy/policy/modules/services/devicekit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/devicekit.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,7 @@
+
+/usr/libexec/devkit-daemon -- gen_context(system_u:object_r:devicekit_exec_t,s0)
@@ -11292,9 +10731,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/DeviceKit-power(/.*)? gen_context(system_u:object_r:devicekit_var_lib_t,s0)
+
+/var/run/devkit(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.8/policy/modules/services/devicekit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.9/policy/modules/services/devicekit.if
--- nsaserefpolicy/policy/modules/services/devicekit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/devicekit.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,177 @@
+
+## <summary>policy for devicekit</summary>
@@ -11473,9 +10912,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 devicekit_t:unix_dgram_socket sendto;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.8/policy/modules/services/devicekit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.9/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/devicekit.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/devicekit.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,138 @@
+policy_module(devicekit,1.0.0)
+
@@ -11615,9 +11054,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ vbetool_domtrans(devicekit_power_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.8/policy/modules/services/dhcp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.9/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dhcp.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dhcp.if 2009-03-12 11:23:09.000000000 -0400
@@ -22,6 +22,25 @@
########################################
@@ -11644,17 +11083,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an dhcp environment
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.6.8/policy/modules/services/dnsmasq.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.6.9/policy/modules/services/dnsmasq.fc
--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dnsmasq.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,3 +5,4 @@
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
+/var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.8/policy/modules/services/dnsmasq.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.9/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-11-18 18:57:21.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dnsmasq.if 2009-03-12 11:23:09.000000000 -0400
@@ -22,6 +22,25 @@
########################################
@@ -11753,9 +11192,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an dnsmasq environment
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.8/policy/modules/services/dnsmasq.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.9/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dnsmasq.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dnsmasq.te 2009-03-12 11:23:09.000000000 -0400
@@ -69,21 +69,22 @@
# allow access to dnsmasq.conf
@@ -11788,9 +11227,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
virt_manage_lib_files(dnsmasq_t)
+ virt_read_pid_files(dnsmasq_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.8/policy/modules/services/dovecot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.9/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dovecot.fc 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,7 @@
/etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0)
@@ -11824,9 +11263,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/dovecot\.log.* gen_context(system_u:object_r:dovecot_var_log_t,s0)
+
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.8/policy/modules/services/dovecot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.9/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dovecot.if 2009-03-12 11:23:09.000000000 -0400
@@ -21,7 +21,46 @@
########################################
@@ -11936,9 +11375,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.8/policy/modules/services/dovecot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.9/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/dovecot.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/dovecot.te 2009-03-12 11:23:09.000000000 -0400
@@ -15,12 +15,21 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -12121,9 +11560,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ mta_manage_spool(dovecot_deliver_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.8/policy/modules/services/exim.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.9/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/exim.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/exim.if 2009-03-12 11:23:09.000000000 -0400
@@ -97,6 +97,26 @@
########################################
@@ -12175,9 +11614,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_dirs_pattern($1, exim_spool_t, exim_spool_t)
+ files_search_spool($1)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.8/policy/modules/services/exim.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.9/policy/modules/services/exim.te
--- nsaserefpolicy/policy/modules/services/exim.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/exim.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/exim.te 2009-03-12 11:23:09.000000000 -0400
@@ -21,9 +21,20 @@
## </desc>
gen_tunable(exim_manage_user_files, false)
@@ -12332,9 +11771,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ spamassassin_exec(exim_t)
+ spamassassin_exec_client(exim_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.8/policy/modules/services/ftp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.9/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ftp.te 2009-03-10 11:53:44.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ftp.te 2009-03-12 11:23:09.000000000 -0400
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -12442,16 +11881,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(ftpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.8/policy/modules/services/gnomeclock.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.9/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gnomeclock.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.8/policy/modules/services/gnomeclock.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.9/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gnomeclock.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,69 @@
+
+## <summary>policy for gnomeclock</summary>
@@ -12522,9 +11961,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 gnomeclock_t:dbus send_msg;
+ allow gnomeclock_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.8/policy/modules/services/gnomeclock.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.9/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gnomeclock.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gnomeclock.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -12577,16 +12016,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_reload(gnomeclock_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.8/policy/modules/services/gpsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.9/policy/modules/services/gpsd.fc
--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gpsd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.8/policy/modules/services/gpsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.9/policy/modules/services/gpsd.if
--- nsaserefpolicy/policy/modules/services/gpsd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gpsd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,83 @@
+## <summary>gpsd monitor daemon</summary>
+
@@ -12671,9 +12110,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.8/policy/modules/services/gpsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.9/policy/modules/services/gpsd.te
--- nsaserefpolicy/policy/modules/services/gpsd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/gpsd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/gpsd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,52 @@
+policy_module(gpsd,1.0.0)
+
@@ -12727,9 +12166,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.8/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.9/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/hal.fc 2009-03-12 11:23:09.000000000 -0400
@@ -5,6 +5,7 @@
/usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0)
@@ -12738,9 +12177,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.8/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.9/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/hal.if 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -12841,9 +12280,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ logging_log_filetrans($1, hald_log_t, file)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.8/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.9/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/hal.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/hal.te 2009-03-12 11:23:09.000000000 -0400
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -13013,9 +12452,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(hald_dccm_t)
+
+permissive hald_dccm_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.8/policy/modules/services/ifplugd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.9/policy/modules/services/ifplugd.fc
--- nsaserefpolicy/policy/modules/services/ifplugd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ifplugd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,9 @@
+
+/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
@@ -13026,9 +12465,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.8/policy/modules/services/ifplugd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.9/policy/modules/services/ifplugd.if
--- nsaserefpolicy/policy/modules/services/ifplugd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ifplugd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,194 @@
+## <summary>policy for ifplugd</summary>
+
@@ -13224,9 +12663,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, ifplugd_var_run_t)
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.8/policy/modules/services/ifplugd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.9/policy/modules/services/ifplugd.te
--- nsaserefpolicy/policy/modules/services/ifplugd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ifplugd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ifplugd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,89 @@
+policy_module(ifplugd,1.0.0)
+
@@ -13317,9 +12756,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive ifplugd_t;
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.8/policy/modules/services/kerberos.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.9/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/kerberos.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/kerberos.fc 2009-03-12 11:23:09.000000000 -0400
@@ -21,6 +21,7 @@
/var/kerberos/krb5kdc/from_master.* gen_context(system_u:object_r:krb5kdc_lock_t,s0)
/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -13328,9 +12767,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.8/policy/modules/services/kerberos.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.9/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerberos.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/kerberos.te 2009-03-12 11:23:09.000000000 -0400
@@ -290,6 +290,7 @@
corenet_tcp_sendrecv_generic_node(kpropd_t)
corenet_tcp_sendrecv_all_ports(kpropd_t)
@@ -13339,9 +12778,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.8/policy/modules/services/kerneloops.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.9/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerneloops.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/kerneloops.if 2009-03-12 11:23:09.000000000 -0400
@@ -63,6 +63,25 @@
########################################
@@ -13384,9 +12823,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, kerneloops_tmp_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.8/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.9/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/kerneloops.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/kerneloops.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -13419,9 +12858,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- dbus_connect_system_bus(kerneloops_t)
+ dbus_system_domain(kerneloops_t, kerneloops_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.8/policy/modules/services/ktalk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.9/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ktalk.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ktalk.te 2009-03-12 11:23:09.000000000 -0400
@@ -69,6 +69,7 @@
files_read_etc_files(ktalkd_t)
@@ -13430,17 +12869,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(ktalkd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.8/policy/modules/services/mailman.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.9/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mailman.fc 2009-03-12 11:23:09.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.8/policy/modules/services/mailman.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.9/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mailman.if 2009-03-12 11:23:09.000000000 -0400
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -13504,9 +12943,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Append to mailman logs.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.8/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.9/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mailman.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mailman.te 2009-03-12 11:23:09.000000000 -0400
@@ -53,10 +53,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -13573,9 +13012,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.8/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.9/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/mta.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mta.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,4 @@
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13604,9 +13043,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#ifdef(`postfix.te', `', `
-#/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
-#')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.8/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.9/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mta.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mta.if 2009-03-12 11:23:09.000000000 -0400
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -13674,9 +13113,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.8/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.9/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mta.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mta.te 2009-03-12 11:23:09.000000000 -0400
@@ -47,34 +47,49 @@
#
@@ -13819,9 +13258,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# User send mail local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.8/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.9/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/munin.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/munin.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -13839,34 +13278,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.8/policy/modules/services/munin.if
---- nsaserefpolicy/policy/modules/services/munin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/munin.if 2009-03-10 08:25:54.000000000 -0400
-@@ -80,3 +80,76 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.9/policy/modules/services/munin.if
+--- nsaserefpolicy/policy/modules/services/munin.if 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/munin.if 2009-03-12 11:25:27.000000000 -0400
+@@ -59,8 +59,9 @@
+ type munin_log_t;
+ ')
- dontaudit $1 munin_var_lib_t:dir search_dir_perms;
- ')
-+
-+########################################
-+## <summary>
-+## Allow the specified domain to append
-+## to munin log files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`munin_append_log',`
-+ gen_require(`
-+ type munin_log_t;
-+ ')
-+
-+ logging_search_logs($1)
+- allow $1 munin_log_t:file append_file_perms;
+ logging_search_logs($1)
+ allow $1 munin_log_t:dir list_dir_perms;
+ append_files_pattern($1, munin_log_t, munin_log_t)
-+')
+ ')
+
+ #######################################
+@@ -100,3 +101,55 @@
+
+ dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+ ')
+
+########################################
+## <summary>
@@ -13919,9 +13348,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, httpd_munin_content_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.8/policy/modules/services/munin.te
---- nsaserefpolicy/policy/modules/services/munin.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/munin.te 2009-03-10 08:25:54.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.9/policy/modules/services/munin.te
+--- nsaserefpolicy/policy/modules/services/munin.te 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/munin.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -14056,9 +13485,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.8/policy/modules/services/mysql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.9/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mysql.fc 2009-03-12 11:23:09.000000000 -0400
@@ -12,6 +12,8 @@
#
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
@@ -14068,9 +13497,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0)
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.8/policy/modules/services/mysql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.9/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mysql.if 2009-03-12 11:23:09.000000000 -0400
@@ -161,6 +161,25 @@
allow $1 mysqld_db_t:sock_file rw_sock_file_perms;
')
@@ -14106,9 +13535,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.8/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/mysql.te 2009-03-10 08:25:54.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.9/policy/modules/services/mysql.te
+--- nsaserefpolicy/policy/modules/services/mysql.te 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/mysql.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,6 +10,10 @@
type mysqld_exec_t;
init_daemon_domain(mysqld_t, mysqld_exec_t)
@@ -14120,55 +13549,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type mysqld_var_run_t;
files_pid_file(mysqld_var_run_t)
-@@ -30,7 +34,7 @@
-
- ########################################
- #
--# Local policy
-+# Local mysqld policy
- #
-
- allow mysqld_t self:capability { dac_override setgid setuid sys_resource net_bind_service };
-@@ -121,3 +125,36 @@
- optional_policy(`
- udev_read_db(mysqld_t)
- ')
-+
-+#######################################
-+#
-+# Local mysqld_safe policy
-+#
-+
-+domtrans_pattern(mysqld_safe_t,mysqld_exec_t,mysqld_t)
-+
-+allow mysqld_safe_t self:capability { dac_override fowner chown };
-+allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
-+
-+append_files_pattern(mysqld_safe_t, mysqld_db_t, mysqld_db_t)
-+
-+mysql_read_config(mysqld_safe_t)
-+mysql_search_pid_files(mysqld_safe_t)
-+mysql_write_log(mysqld_safe_t)
-+
-+kernel_read_system_state(mysqld_safe_t)
-+
-+files_read_etc_files(mysqld_safe_t)
-+files_read_usr_files(mysqld_safe_t)
-+
-+dev_list_sysfs(mysqld_safe_t)
-+
-+corecmd_exec_bin(mysqld_safe_t)
-+
-+libs_use_ld_so(mysqld_safe_t)
-+libs_use_shared_libs(mysqld_safe_t)
-+
-+miscfiles_read_localization(mysqld_safe_t)
-+
-+permissive mysqld_safe_t;
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.8/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.9/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nagios.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -14193,9 +13576,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+/usr/lib(64)?/cgi-bin/nagios(/.+)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.8/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.9/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nagios.if 2009-03-12 11:23:09.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -14315,9 +13698,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, nrpe_etc_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.8/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.9/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nagios.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nagios.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -14413,9 +13796,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.8/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.9/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/networkmanager.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,12 +1,25 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -14442,9 +13825,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.8/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.9/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/networkmanager.if 2009-03-12 11:23:09.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -14501,9 +13884,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types NetworkManager_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.8/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.9/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/networkmanager.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/networkmanager.te 2009-03-12 11:23:09.000000000 -0400
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -14733,9 +14116,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.8/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.9/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nis.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nis.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,9 +1,13 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -14751,9 +14134,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0)
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.8/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.9/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nis.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nis.if 2009-03-12 11:23:09.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -14931,9 +14314,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types ypbind_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.8/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.9/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nis.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nis.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -15008,17 +14391,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
corenet_tcp_connect_all_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.8/policy/modules/services/nscd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.9/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nscd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
/usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.8/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.9/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nscd.if 2009-03-12 11:23:09.000000000 -0400
@@ -58,6 +58,42 @@
########################################
@@ -15141,9 +14524,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, nscd_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.8/policy/modules/services/nscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.9/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nscd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nscd.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -15240,9 +14623,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ samba_read_config(nscd_t)
+ samba_read_var_files(nscd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.8/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.9/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ntp.if 2009-03-12 11:23:09.000000000 -0400
@@ -37,6 +37,32 @@
########################################
@@ -15340,9 +14723,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an ntp environment
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.8/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.9/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ntp.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ntp.te 2009-03-12 11:23:09.000000000 -0400
@@ -25,6 +25,9 @@
type ntpd_tmp_t;
files_tmp_file(ntpd_tmp_t)
@@ -15407,9 +14790,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
firstboot_dontaudit_use_fds(ntpd_t)
firstboot_dontaudit_rw_pipes(ntpd_t)
firstboot_dontaudit_rw_stream_sockets(ntpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.8/policy/modules/services/nx.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.9/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/nx.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/nx.te 2009-03-12 11:23:09.000000000 -0400
@@ -25,6 +25,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -15430,18 +14813,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.8/policy/modules/services/oddjob.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.9/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/oddjob.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.8/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.9/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.if 2009-03-11 15:20:43.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/oddjob.if 2009-03-12 11:23:09.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -15479,9 +14862,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ oddjob_domtrans_mkhomedir($1)
+ role $2 types oddjob_mkhomedir_t;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.8/policy/modules/services/oddjob.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.9/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/oddjob.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/oddjob.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -15538,9 +14921,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.6.8/policy/modules/services/openvpn.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.6.9/policy/modules/services/openvpn.fc
--- nsaserefpolicy/policy/modules/services/openvpn.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/openvpn.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,6 +2,7 @@
# /etc
#
@@ -15549,9 +14932,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/rc\.d/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_initrc_exec_t,s0)
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.6.8/policy/modules/services/openvpn.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.6.9/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/openvpn.if 2009-03-12 11:23:09.000000000 -0400
@@ -46,6 +46,24 @@
########################################
@@ -15602,9 +14985,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Allow the specified domain to read
## OpenVPN configuration files.
## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.8/policy/modules/services/openvpn.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.9/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/openvpn.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/openvpn.te 2009-03-12 11:23:09.000000000 -0400
@@ -22,6 +22,9 @@
type openvpn_etc_t;
files_config_file(openvpn_etc_t)
@@ -15646,9 +15029,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_use_user_terminals(openvpn_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.8/policy/modules/services/pads.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.9/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pads.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -15662,9 +15045,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.8/policy/modules/services/pads.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.9/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pads.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,10 @@
+## <summary>SELinux policy for PADS daemon.</summary>
+## <desc>
@@ -15676,9 +15059,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+## </p>
+## </desc>
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.8/policy/modules/services/pads.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.9/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pads.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pads.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(pads, 0.0.1)
@@ -15745,9 +15128,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ prelude_manage_spool(pads_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.fc serefpolicy-3.6.8/policy/modules/services/pcscd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.fc serefpolicy-3.6.9/policy/modules/services/pcscd.fc
--- nsaserefpolicy/policy/modules/services/pcscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/pcscd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pcscd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,5 +1,6 @@
/var/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0)
/var/run/pcscd\.pid -- gen_context(system_u:object_r:pcscd_var_run_t,s0)
@@ -15755,9 +15138,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/pcscd\.events(/.*)? gen_context(system_u:object_r:pcscd_var_run_t,s0)
/usr/sbin/pcscd -- gen_context(system_u:object_r:pcscd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.8/policy/modules/services/pcscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.9/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pcscd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pcscd.te 2009-03-12 11:23:09.000000000 -0400
@@ -27,9 +27,10 @@
allow pcscd_t self:unix_dgram_socket create_socket_perms;
allow pcscd_t self:tcp_socket create_stream_socket_perms;
@@ -15785,9 +15168,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
openct_stream_connect(pcscd_t)
openct_read_pid_files(pcscd_t)
openct_signull(pcscd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.8/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.9/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pegasus.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pegasus.te 2009-03-12 11:23:09.000000000 -0400
@@ -30,7 +30,7 @@
# Local policy
#
@@ -15859,9 +15242,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_stream_connect(pegasus_t)
+ xen_stream_connect_xenstore(pegasus_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.8/policy/modules/services/pingd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.9/policy/modules/services/pingd.fc
--- nsaserefpolicy/policy/modules/services/pingd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pingd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,11 @@
+
+/etc/pingd.conf -- gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -15874,9 +15257,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.8/policy/modules/services/pingd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.9/policy/modules/services/pingd.if
--- nsaserefpolicy/policy/modules/services/pingd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pingd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,99 @@
+## <summary>policy for pingd</summary>
+
@@ -15977,9 +15360,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.8/policy/modules/services/pingd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.9/policy/modules/services/pingd.te
--- nsaserefpolicy/policy/modules/services/pingd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pingd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pingd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,54 @@
+policy_module(pingd,1.0.0)
+
@@ -16035,9 +15418,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.8/policy/modules/services/polkit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.9/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/polkit.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,11 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -16050,9 +15433,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
+
+/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:polkit_reload_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.8/policy/modules/services/polkit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.9/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/polkit.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,241 @@
+
+## <summary>policy for polkit_auth</summary>
@@ -16295,9 +15678,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 polkit_t:dbus send_msg;
+ allow polkit_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.8/policy/modules/services/polkit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.9/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/polkit.te 2009-03-11 15:59:49.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/polkit.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,237 @@
+policy_module(polkit_auth, 1.0.0)
+
@@ -16536,9 +15919,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ unconfined_ptrace(polkit_resolve_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.8/policy/modules/services/portreserve.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.9/policy/modules/services/portreserve.fc
--- nsaserefpolicy/policy/modules/services/portreserve.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/portreserve.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,12 @@
+# portreserve executable will have:
+# label: system_u:object_r:portreserve_exec_t
@@ -16552,9 +15935,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/portreserve(/.*)? gen_context(system_u:object_r:portreserve_etc_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.8/policy/modules/services/portreserve.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.9/policy/modules/services/portreserve.if
--- nsaserefpolicy/policy/modules/services/portreserve.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/portreserve.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,66 @@
+## <summary>policy for portreserve</summary>
+
@@ -16622,9 +16005,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
+ read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.8/policy/modules/services/portreserve.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.9/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/portreserve.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/portreserve.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(portreserve,1.0.0)
+
@@ -16677,9 +16060,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#init_use_fds(portreserve_t)
+#init_use_script_ptys(portreserve_t)
+#domain_use_interactive_fds(portreserve_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.8/policy/modules/services/postfix.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.9/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postfix.fc 2009-03-12 11:23:09.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -16693,9 +16076,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.8/policy/modules/services/postfix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.9/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postfix.if 2009-03-12 11:23:09.000000000 -0400
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -16889,9 +16272,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.8/policy/modules/services/postfix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.9/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postfix.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postfix.te 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -17239,9 +16622,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_manage_user_home_content(postfix_virtual_t)
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.8/policy/modules/services/postgresql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.9/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postgresql.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,6 +2,7 @@
# /etc
#
@@ -17250,9 +16633,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.8/policy/modules/services/postgresql.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.9/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postgresql.if 2009-03-12 11:23:09.000000000 -0400
@@ -351,3 +351,46 @@
typeattribute $1 sepgsql_unconfined_type;
@@ -17300,9 +16683,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, postgresql_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.8/policy/modules/services/postgresql.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.9/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/postgresql.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/postgresql.te 2009-03-12 11:23:09.000000000 -0400
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -17356,9 +16739,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.8/policy/modules/services/ppp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.9/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ppp.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,7 +1,7 @@
#
# /etc
@@ -17379,9 +16762,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /sbin
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.8/policy/modules/services/ppp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.9/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ppp.if 2009-03-12 11:23:09.000000000 -0400
@@ -58,6 +58,25 @@
########################################
@@ -17482,9 +16865,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, pptp_var_run_t, pptp_var_run_t)
+ admin_pattern($1, pptp_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.8/policy/modules/services/ppp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.9/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ppp.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ppp.te 2009-03-12 11:23:09.000000000 -0400
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -17620,9 +17003,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-
-# FIXME:
-domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.8/policy/modules/services/prelude.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.9/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/prelude.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,9 @@
+/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
+
@@ -17649,9 +17032,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/usr/bin/prelude-correlator -- gen_context(system_u:object_r:prelude_correlator_exec_t, s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.8/policy/modules/services/prelude.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.9/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/prelude.if 2009-03-12 11:23:09.000000000 -0400
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -17764,9 +17147,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, prelude_lml_tmp_t)
+ admin_pattern($1, prelude_lml_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.8/policy/modules/services/prelude.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.9/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/prelude.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/prelude.te 2009-03-12 11:23:09.000000000 -0400
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -18036,9 +17419,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
mysql_search_db(httpd_prewikka_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.8/policy/modules/services/procmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.9/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/procmail.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/procmail.te 2009-03-12 11:23:09.000000000 -0400
@@ -77,6 +77,7 @@
files_read_usr_files(procmail_t)
@@ -18066,9 +17449,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
pyzor_domtrans(procmail_t)
pyzor_signal(procmail_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.fc serefpolicy-3.6.8/policy/modules/services/psad.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.fc serefpolicy-3.6.9/policy/modules/services/psad.fc
--- nsaserefpolicy/policy/modules/services/psad.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/psad.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,17 @@
+
+
@@ -18087,9 +17470,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/psad(/.*)? gen_context(system_u:object_r:psad_var_lib_t,s0)
+
+/var/log/psad(/.*)? gen_context(system_u:object_r:psad_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.6.8/policy/modules/services/psad.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.6.9/policy/modules/services/psad.if
--- nsaserefpolicy/policy/modules/services/psad.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/psad.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,304 @@
+## <summary>Psad SELinux policy</summary>
+
@@ -18395,9 +17778,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_tmp($1)
+ admin_pattern($1, psad_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.6.8/policy/modules/services/psad.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.6.9/policy/modules/services/psad.te
--- nsaserefpolicy/policy/modules/services/psad.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/psad.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/psad.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,107 @@
+policy_module(psad,1.0.0)
+
@@ -18506,9 +17889,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive psad_t;
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.8/policy/modules/services/pyzor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.9/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pyzor.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,6 +1,8 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -18518,9 +17901,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.8/policy/modules/services/pyzor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.9/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pyzor.if 2009-03-12 11:23:09.000000000 -0400
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -18572,9 +17955,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.8/policy/modules/services/pyzor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.9/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/pyzor.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/pyzor.te 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,38 @@
# Declarations
#
@@ -18631,9 +18014,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_search_user_home_dirs(pyzor_t)
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.8/policy/modules/services/radvd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.9/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/radvd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/radvd.te 2009-03-12 11:23:09.000000000 -0400
@@ -22,7 +22,7 @@
#
# Local policy
@@ -18643,9 +18026,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit radvd_t self:capability sys_tty_config;
allow radvd_t self:process signal_perms;
allow radvd_t self:unix_dgram_socket create_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.8/policy/modules/services/razor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.9/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/razor.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/razor.if 2009-03-12 11:23:09.000000000 -0400
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -18692,9 +18075,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.8/policy/modules/services/razor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.9/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2009-01-19 11:07:32.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/razor.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/razor.te 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,32 @@
# Declarations
#
@@ -18734,9 +18117,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.8/policy/modules/services/ricci.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.9/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ricci.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ricci.te 2009-03-12 11:23:09.000000000 -0400
@@ -133,6 +133,8 @@
dev_read_urand(ricci_t)
@@ -18841,9 +18224,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ccs_stream_connect(ricci_modstorage_t)
ccs_read_config(ricci_modstorage_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.8/policy/modules/services/rlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.9/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rlogin.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rlogin.te 2009-03-12 11:23:09.000000000 -0400
@@ -91,10 +91,22 @@
remotelogin_signal(rlogind_t)
@@ -18869,9 +18252,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_read_cifs_files(rlogind_t)
+ fs_read_cifs_symlinks(rlogind_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.6.8/policy/modules/services/rpc.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.6.9/policy/modules/services/rpc.fc
--- nsaserefpolicy/policy/modules/services/rpc.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rpc.fc 2009-03-12 11:23:09.000000000 -0400
@@ -13,6 +13,7 @@
# /usr
#
@@ -18880,9 +18263,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0)
/usr/sbin/rpc\.mountd -- gen_context(system_u:object_r:nfsd_exec_t,s0)
/usr/sbin/rpc\.nfsd -- gen_context(system_u:object_r:nfsd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.8/policy/modules/services/rpc.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.9/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rpc.if 2009-03-12 11:23:09.000000000 -0400
@@ -88,8 +88,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -18945,9 +18328,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_var_lib($1)
+ manage_files_pattern($1,var_lib_nfs_t,var_lib_nfs_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.8/policy/modules/services/rpc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.9/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rpc.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rpc.te 2009-03-12 11:23:09.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -19011,9 +18394,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.8/policy/modules/services/rshd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.9/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rshd.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rshd.te 2009-03-12 11:23:09.000000000 -0400
@@ -51,7 +51,7 @@
files_list_home(rshd_t)
@@ -19023,9 +18406,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_login_pgm_domain(rshd_t)
auth_write_login_records(rshd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.8/policy/modules/services/rsync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.9/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/rsync.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/rsync.te 2009-03-12 11:23:09.000000000 -0400
@@ -119,5 +119,9 @@
tunable_policy(`rsync_export_all_ro',`
@@ -19036,9 +18419,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ auth_tunable_read_shadow(rsync_t)
')
+auth_can_read_shadow_passwords(rsync_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.8/policy/modules/services/samba.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.9/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/samba.fc 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/samba.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,6 +2,9 @@
#
# /etc
@@ -19065,9 +18448,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ifndef(`enable_mls',`
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.8/policy/modules/services/samba.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.9/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.if 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/samba.if 2009-03-12 11:23:09.000000000 -0400
@@ -4,6 +4,45 @@
## from Windows NT servers.
## </summary>
@@ -19465,9 +18848,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, samba_unconfined_script_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.8/policy/modules/services/samba.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.9/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/samba.te 2009-03-10 08:25:54.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/samba.te 2009-03-12 11:23:09.000000000 -0400
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -19927,9 +19310,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow winbind_t smbcontrol_t:process signal;
+
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.8/policy/modules/services/sasl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.9/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sasl.te 2009-03-10 11:54:49.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sasl.te 2009-03-12 11:23:09.000000000 -0400
@@ -99,6 +99,7 @@
optional_policy(`
@@ -19949,9 +19332,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(saslauthd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.8/policy/modules/services/sendmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.9/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/sendmail.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sendmail.if 2009-03-12 11:23:09.000000000 -0400
@@ -149,3 +149,92 @@
logging_log_filetrans($1, sendmail_log_t, file)
@@ -20045,9 +19428,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.8/policy/modules/services/sendmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.9/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sendmail.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sendmail.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -20215,18 +19598,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.8/policy/modules/services/setroubleshoot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.9/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/setroubleshoot.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
+
/usr/sbin/setroubleshootd -- gen_context(system_u:object_r:setroubleshootd_exec_t,s0)
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.8/policy/modules/services/setroubleshoot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.9/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/setroubleshoot.if 2009-03-12 11:23:09.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -20309,9 +19692,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.8/policy/modules/services/setroubleshoot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.9/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/setroubleshoot.te 2009-03-10 16:10:06.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/setroubleshoot.te 2009-03-12 11:23:09.000000000 -0400
@@ -11,6 +11,9 @@
domain_type(setroubleshootd_t)
init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -20397,9 +19780,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.8/policy/modules/services/smartmon.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.9/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/smartmon.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/smartmon.te 2009-03-12 11:23:09.000000000 -0400
@@ -19,6 +19,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -20457,9 +19840,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.8/policy/modules/services/snmp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.9/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snmp.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/snmp.fc 2009-03-12 11:23:09.000000000 -0400
@@ -20,5 +20,5 @@
/var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0)
@@ -20467,9 +19850,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0)
+/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.8/policy/modules/services/snmp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.9/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snmp.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/snmp.te 2009-03-12 11:23:09.000000000 -0400
@@ -71,6 +71,7 @@
corenet_tcp_bind_snmp_port(snmpd_t)
corenet_udp_bind_snmp_port(snmpd_t)
@@ -20478,9 +19861,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_list_sysfs(snmpd_t)
dev_read_sysfs(snmpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.8/policy/modules/services/snort.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.9/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/snort.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/snort.te 2009-03-12 11:23:09.000000000 -0400
@@ -56,6 +56,7 @@
files_pid_filetrans(snort_t, snort_var_run_t, file)
@@ -20511,9 +19894,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
seutil_sigchld_newrole(snort_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.8/policy/modules/services/spamassassin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.9/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/spamassassin.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,15 +1,24 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -20542,9 +19925,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/spamd(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.8/policy/modules/services/spamassassin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.9/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/spamassassin.if 2009-03-12 11:23:09.000000000 -0400
@@ -111,6 +111,7 @@
')
@@ -20631,9 +20014,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, spamd_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.8/policy/modules/services/spamassassin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.9/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/spamassassin.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/spamassassin.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,35 @@
## </desc>
gen_tunable(spamd_enable_home_dirs, true)
@@ -20892,9 +20275,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.8/policy/modules/services/squid.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.9/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/squid.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/squid.fc 2009-03-12 11:23:09.000000000 -0400
@@ -6,7 +6,11 @@
/usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
/usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
@@ -20907,9 +20290,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.8/policy/modules/services/squid.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.9/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/squid.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/squid.if 2009-03-12 11:23:09.000000000 -0400
@@ -21,6 +21,25 @@
########################################
@@ -20936,9 +20319,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Send generic signals to squid.
## </summary>
## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.8/policy/modules/services/squid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.9/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/squid.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/squid.te 2009-03-12 11:23:09.000000000 -0400
@@ -118,6 +118,9 @@
fs_getattr_all_fs(squid_t)
@@ -20958,18 +20341,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#squid requires the following when run in diskd mode, the recommended setting
-allow squid_t tmpfs_t:file { read write };
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.8/policy/modules/services/ssh.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.9/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ssh.fc 2009-03-12 11:23:09.000000000 -0400
@@ -14,3 +14,5 @@
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
+
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.8/policy/modules/services/ssh.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.9/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ssh.if 2009-03-12 11:23:09.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -21198,9 +20581,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ can_exec($1, ssh_agent_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.8/policy/modules/services/ssh.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.9/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ssh.te 2009-03-11 14:25:03.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ssh.te 2009-03-12 11:23:09.000000000 -0400
@@ -41,6 +41,9 @@
files_tmp_file(sshd_tmp_t)
files_poly_parent(sshd_tmp_t)
@@ -21368,9 +20751,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(ssh_keygen_t)
userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.8/policy/modules/services/sssd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.9/policy/modules/services/sssd.fc
--- nsaserefpolicy/policy/modules/services/sssd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sssd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,6 @@
+
+/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
@@ -21378,9 +20761,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc.d/init.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
+/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
+/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.8/policy/modules/services/sssd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.9/policy/modules/services/sssd.if
--- nsaserefpolicy/policy/modules/services/sssd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.if 2009-03-10 09:54:45.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sssd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,249 @@
+
+## <summary>policy for sssd</summary>
@@ -21631,9 +21014,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.8/policy/modules/services/sssd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.9/policy/modules/services/sssd.te
--- nsaserefpolicy/policy/modules/services/sssd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sssd.te 2009-03-10 19:51:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sssd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,63 @@
+policy_module(sssd,1.0.0)
+
@@ -21698,9 +21081,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dbus_system_bus_client(sssd_t)
+ dbus_connect_system_bus(sssd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.6.8/policy/modules/services/stunnel.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.6.9/policy/modules/services/stunnel.fc
--- nsaserefpolicy/policy/modules/services/stunnel.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/stunnel.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/stunnel.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,5 +2,6 @@
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
@@ -21708,9 +21091,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/bin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.6.8/policy/modules/services/stunnel.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.6.9/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/stunnel.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/stunnel.te 2009-03-12 11:23:09.000000000 -0400
@@ -54,6 +54,8 @@
kernel_read_system_state(stunnel_t)
kernel_read_network_state(stunnel_t)
@@ -21728,9 +21111,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_search_home(stunnel_t)
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.fc serefpolicy-3.6.8/policy/modules/services/sysstat.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.fc serefpolicy-3.6.9/policy/modules/services/sysstat.fc
--- nsaserefpolicy/policy/modules/services/sysstat.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/sysstat.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sysstat.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,6 +1,6 @@
/usr/lib(64)?/atsar/atsa.* -- gen_context(system_u:object_r:sysstat_exec_t,s0)
@@ -21739,9 +21122,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/sysstat/sa.* -- gen_context(system_u:object_r:sysstat_exec_t,s0)
/var/log/atsar(/.*)? gen_context(system_u:object_r:sysstat_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.8/policy/modules/services/sysstat.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.9/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/sysstat.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/sysstat.te 2009-03-12 11:23:09.000000000 -0400
@@ -19,13 +19,14 @@
# Local policy
#
@@ -21758,9 +21141,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
# get info from /proc
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.8/policy/modules/services/tor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.9/policy/modules/services/tor.te
--- nsaserefpolicy/policy/modules/services/tor.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/tor.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/tor.te 2009-03-12 11:23:09.000000000 -0400
@@ -34,7 +34,7 @@
# tor local policy
#
@@ -21770,9 +21153,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow tor_t self:fifo_file rw_fifo_file_perms;
allow tor_t self:unix_stream_socket create_stream_socket_perms;
allow tor_t self:netlink_route_socket r_netlink_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.8/policy/modules/services/ulogd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.9/policy/modules/services/ulogd.fc
--- nsaserefpolicy/policy/modules/services/ulogd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ulogd.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,10 @@
+
+/etc/rc\.d/init\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
@@ -21784,9 +21167,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/sbin/ulogd -- gen_context(system_u:object_r:ulogd_exec_t,s0)
+
+/var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.8/policy/modules/services/ulogd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.9/policy/modules/services/ulogd.if
--- nsaserefpolicy/policy/modules/services/ulogd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ulogd.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,127 @@
+## <summary>policy for ulogd</summary>
+
@@ -21915,9 +21298,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_search_usr($1)
+ admin_pattern($1, ulogd_modules_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.8/policy/modules/services/ulogd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.9/policy/modules/services/ulogd.te
--- nsaserefpolicy/policy/modules/services/ulogd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/ulogd.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/ulogd.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(ulogd,1.0.0)
+
@@ -21970,18 +21353,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(ulogd_t)
+
+permissive ulogd_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-3.6.8/policy/modules/services/uucp.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-3.6.9/policy/modules/services/uucp.fc
--- nsaserefpolicy/policy/modules/services/uucp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/uucp.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/uucp.fc 2009-03-12 11:23:09.000000000 -0400
@@ -7,3 +7,5 @@
/var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
/var/log/uucp(/.*)? gen_context(system_u:object_r:uucpd_log_t,s0)
+
+/var/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.8/policy/modules/services/uucp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.9/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/uucp.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/uucp.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,6 +10,9 @@
inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
role system_r types uucpd_t;
@@ -22011,9 +21394,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.8/policy/modules/services/virt.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.9/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/virt.fc 2009-03-12 11:23:09.000000000 -0400
@@ -8,5 +8,14 @@
/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -22029,9 +21412,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/libvirt(/.*)? gen_context(system_u:object_r:svirt_cache_t,s0)
+
+/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.8/policy/modules/services/virt.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.9/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/virt.if 2009-03-12 11:23:09.000000000 -0400
@@ -2,28 +2,6 @@
########################################
@@ -22177,9 +21560,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.8/policy/modules/services/virt.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.9/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/virt.te 2009-03-11 14:44:45.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/virt.te 2009-03-12 11:23:09.000000000 -0400
@@ -8,20 +8,18 @@
## <desc>
@@ -22340,7 +21723,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`virt_use_nfs',`
fs_manage_nfs_dirs(virtd_t)
-@@ -167,22 +215,33 @@
+@@ -167,22 +215,34 @@
dnsmasq_domtrans(virtd_t)
dnsmasq_signal(virtd_t)
dnsmasq_kill(virtd_t)
@@ -22359,15 +21742,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ kerberos_keytab_template(virtd, virtd_t)
+')
-+
-+optional_policy(`
-+ lvm_domtrans(virtd_t)
-+')
optional_policy(`
- qemu_domtrans(virtd_t)
++ lvm_domtrans(virtd_t)
++')
++
++optional_policy(`
+ polkit_domtrans_auth(virtd_t)
+ polkit_domtrans_resolve(virtd_t)
++ polkit_read_lib(virtd_t)
+')
+
+optional_policy(`
@@ -22379,7 +21763,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -198,5 +257,72 @@
+@@ -198,5 +258,73 @@
')
optional_policy(`
@@ -22416,6 +21800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+storage_raw_read_removable_device(svirt_t)
+
+userdom_search_user_home_content(svirt_t)
++userdom_read_all_users_state(svirt_t)
+
+append_files_pattern(svirt_t, virt_log_t, virt_log_t)
+
@@ -22453,9 +21838,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xen_rw_image_files(svirt_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.8/policy/modules/services/w3c.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.9/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/services/w3c.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/w3c.te 2009-03-12 11:23:09.000000000 -0400
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -22475,9 +21860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t)
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.8/policy/modules/services/xserver.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.9/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/xserver.fc 2009-03-12 11:23:09.000000000 -0400
@@ -3,12 +3,16 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -22545,9 +21930,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_suse',`
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.8/policy/modules/services/xserver.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.9/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/xserver.if 2009-03-12 11:23:09.000000000 -0400
@@ -90,7 +90,7 @@
allow $2 xauth_home_t:file manage_file_perms;
allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -23173,9 +22558,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow xdm_t $1:dbus send_msg;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.8/policy/modules/services/xserver.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.9/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/xserver.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/xserver.te 2009-03-12 11:23:09.000000000 -0400
@@ -34,6 +34,13 @@
## <desc>
@@ -23886,15 +23271,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#
-allow xdm_t user_home_type:file unlink;
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.8/policy/modules/services/zosremote.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.9/policy/modules/services/zosremote.fc
--- nsaserefpolicy/policy/modules/services/zosremote.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/zosremote.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,2 @@
+
+/sbin/audispd-zos-remote -- gen_context(system_u:object_r:zos_remote_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.8/policy/modules/services/zosremote.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.9/policy/modules/services/zosremote.if
--- nsaserefpolicy/policy/modules/services/zosremote.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/zosremote.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,46 @@
+## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
+
@@ -23942,9 +23327,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ zos_remote_domtrans($1)
+ role $2 types zos_remote_t;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.6.8/policy/modules/services/zosremote.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.6.9/policy/modules/services/zosremote.te
--- nsaserefpolicy/policy/modules/services/zosremote.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/services/zosremote.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/services/zosremote.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,33 @@
+policy_module(zosremote,1.0.0)
+
@@ -23979,9 +23364,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(zos_remote_t)
+
+logging_send_syslog_msg(zos_remote_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.8/policy/modules/system/application.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.9/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/application.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/application.te 2009-03-12 11:23:09.000000000 -0400
@@ -7,8 +7,18 @@
# Executables to be run by user
attribute application_exec_type;
@@ -24001,9 +23386,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ sudo_sigchld(application_domain_type)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.8/policy/modules/system/authlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.9/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/authlogin.fc 2009-03-12 11:23:09.000000000 -0400
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -24030,9 +23415,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
+
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.8/policy/modules/system/authlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.9/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/authlogin.if 2009-03-12 11:23:09.000000000 -0400
@@ -43,20 +43,38 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -24369,9 +23754,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_var_filetrans($1,auth_cache_t,{ file dir } )
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.8/policy/modules/system/authlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.9/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/authlogin.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/authlogin.te 2009-03-12 11:23:09.000000000 -0400
@@ -12,7 +12,7 @@
type chkpwd_t, can_read_shadow_passwords;
@@ -24451,9 +23836,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(pam_console_t)
mls_file_read_all_levels(pam_console_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.8/policy/modules/system/fstools.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.9/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/fstools.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/fstools.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -24467,9 +23852,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.8/policy/modules/system/fstools.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.9/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/fstools.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/fstools.te 2009-03-12 11:23:09.000000000 -0400
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -24501,9 +23886,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(fsadm_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.8/policy/modules/system/hostname.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.9/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/hostname.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/hostname.te 2009-03-12 11:23:09.000000000 -0400
@@ -8,7 +8,9 @@
type hostname_t;
@@ -24515,9 +23900,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
role system_r types hostname_t;
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.8/policy/modules/system/init.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.9/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/init.fc 2009-03-12 11:23:09.000000000 -0400
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -24537,9 +23922,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /var
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.8/policy/modules/system/init.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.9/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/init.if 2009-03-12 11:23:09.000000000 -0400
@@ -280,6 +280,27 @@
kernel_dontaudit_use_fds($1)
')
@@ -24727,9 +24112,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 init_t:unix_dgram_socket sendto;
+ allow init_t $1:unix_dgram_socket sendto;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.8/policy/modules/system/init.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.9/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/init.te 2009-03-11 11:57:43.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/init.te 2009-03-12 11:23:09.000000000 -0400
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart,false)
@@ -25024,9 +24409,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ xserver_rw_xdm_home_files(daemon)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.6.8/policy/modules/system/ipsec.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.6.9/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/ipsec.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/ipsec.fc 2009-03-12 11:23:09.000000000 -0400
@@ -16,6 +16,8 @@
/usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -25044,9 +24429,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
/usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.8/policy/modules/system/ipsec.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.9/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/ipsec.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/ipsec.te 2009-03-12 11:23:09.000000000 -0400
@@ -55,11 +55,12 @@
allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -25163,17 +24548,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow setkey_t self:netlink_route_socket create_netlink_socket_perms;
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.8/policy/modules/system/iptables.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.9/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/iptables.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/iptables.fc 2009-03-12 11:23:09.000000000 -0400
@@ -6,3 +6,4 @@
/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.8/policy/modules/system/iptables.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.9/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/iptables.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/iptables.te 2009-03-12 11:23:09.000000000 -0400
@@ -22,12 +22,12 @@
# Iptables local policy
#
@@ -25197,9 +24582,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_use_interactive_fds(iptables_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.8/policy/modules/system/iscsi.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.9/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/iscsi.te 2009-03-10 15:47:16.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/iscsi.te 2009-03-12 11:23:09.000000000 -0400
@@ -28,7 +28,7 @@
# iscsid local policy
#
@@ -25235,9 +24620,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-sysnet_dns_name_resolve(iscsid_t)
+miscfiles_read_localization(iscsid_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.8/policy/modules/system/libraries.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.9/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/libraries.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/libraries.fc 2009-03-12 11:23:09.000000000 -0400
@@ -60,12 +60,15 @@
#
# /opt
@@ -25417,9 +24802,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.8/policy/modules/system/libraries.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.9/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/libraries.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/libraries.te 2009-03-12 11:23:09.000000000 -0400
@@ -52,11 +52,11 @@
# ldconfig local policy
#
@@ -25476,9 +24861,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(ldconfig_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.8/policy/modules/system/locallogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.9/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/locallogin.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/locallogin.te 2009-03-12 11:23:09.000000000 -0400
@@ -67,6 +67,7 @@
dev_setattr_power_mgmt_dev(local_login_t)
dev_getattr_sound_dev(local_login_t)
@@ -25553,9 +24938,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-optional_policy(`
- nscd_socket_use(sulogin_t)
-')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.8/policy/modules/system/logging.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.9/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/logging.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/logging.fc 2009-03-12 11:23:09.000000000 -0400
@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -25579,9 +24964,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.8/policy/modules/system/logging.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.9/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/logging.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/logging.if 2009-03-12 11:23:09.000000000 -0400
@@ -623,7 +623,7 @@
')
@@ -25600,9 +24985,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.8/policy/modules/system/logging.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.9/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/logging.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/logging.te 2009-03-12 11:23:09.000000000 -0400
@@ -126,7 +126,7 @@
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file rw_file_perms;
@@ -25695,9 +25080,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow syslogd_t self:udp_socket create_socket_perms;
allow syslogd_t self:tcp_socket create_stream_socket_perms;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.8/policy/modules/system/lvm.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.6.9/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/lvm.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/lvm.fc 2009-03-12 11:23:09.000000000 -0400
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -25711,9 +25096,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.8/policy/modules/system/lvm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.9/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/lvm.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/lvm.te 2009-03-12 11:23:09.000000000 -0400
@@ -10,6 +10,9 @@
type clvmd_exec_t;
init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -25920,9 +25305,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_append_log(lvm_t)
+ xen_dontaudit_rw_unix_stream_sockets(lvm_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.8/policy/modules/system/miscfiles.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.9/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/miscfiles.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/miscfiles.fc 2009-03-12 11:23:09.000000000 -0400
@@ -35,6 +35,7 @@
/usr/lib(64)?/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
@@ -25931,9 +25316,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.8/policy/modules/system/miscfiles.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.9/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/miscfiles.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/miscfiles.if 2009-03-12 11:23:09.000000000 -0400
@@ -23,6 +23,45 @@
########################################
@@ -25989,9 +25374,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dontaudit $1 fonts_t:file write;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.8/policy/modules/system/modutils.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.9/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/modutils.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/modutils.te 2009-03-12 11:23:09.000000000 -0400
@@ -42,7 +42,7 @@
# insmod local policy
#
@@ -26104,9 +25489,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.8/policy/modules/system/mount.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.9/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/mount.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/mount.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,6 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -26115,9 +25500,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/sbin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
+/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.8/policy/modules/system/mount.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.9/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/mount.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/mount.if 2009-03-12 11:23:09.000000000 -0400
@@ -43,9 +43,11 @@
mount_domtrans($1)
@@ -26153,9 +25538,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 mount_t:process signal;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.8/policy/modules/system/mount.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.9/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/mount.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/mount.te 2009-03-12 11:23:09.000000000 -0400
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -26375,9 +25760,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hal_rw_pipes(mount_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.8/policy/modules/system/raid.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.9/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/raid.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/raid.te 2009-03-12 11:23:09.000000000 -0400
@@ -39,6 +39,7 @@
dev_dontaudit_getattr_generic_files(mdadm_t)
dev_dontaudit_getattr_generic_chr_files(mdadm_t)
@@ -26386,9 +25771,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.8/policy/modules/system/selinuxutil.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc 2009-03-12 11:23:09.000000000 -0400
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -26427,9 +25812,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.8/policy/modules/system/selinuxutil.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.9/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/selinuxutil.if 2009-03-12 11:23:09.000000000 -0400
@@ -535,6 +535,53 @@
########################################
@@ -26818,9 +26203,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hotplug_use_fds($1)
+')
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.8/policy/modules/system/selinuxutil.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.9/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/selinuxutil.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/selinuxutil.te 2009-03-12 11:23:09.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -27192,9 +26577,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- hotplug_use_fds(setfiles_t)
+ unconfined_domain(setfiles_mac_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.8/policy/modules/system/setrans.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.9/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/setrans.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/setrans.if 2009-03-12 11:23:09.000000000 -0400
@@ -21,3 +21,23 @@
stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
files_list_pids($1)
@@ -27219,9 +26604,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ init_labeled_script_domtrans($1, setrans_initrc_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.8/policy/modules/system/sysnetwork.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.9/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/sysnetwork.fc 2009-03-12 11:23:09.000000000 -0400
@@ -11,8 +11,12 @@
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -27250,9 +26635,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.8/policy/modules/system/sysnetwork.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.9/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/sysnetwork.if 2009-03-12 11:23:09.000000000 -0400
@@ -43,6 +43,39 @@
sysnet_domtrans_dhcpc($1)
@@ -27421,9 +26806,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ role_transition $1 dhcpc_exec_t system_r;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.8/policy/modules/system/sysnetwork.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.9/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/sysnetwork.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/sysnetwork.te 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -27607,18 +26992,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_xen_state(ifconfig_t)
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.8/policy/modules/system/udev.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.9/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/udev.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/udev.fc 2009-03-12 11:23:09.000000000 -0400
@@ -17,3 +17,5 @@
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
+
+/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.8/policy/modules/system/udev.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.6.9/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/udev.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/udev.if 2009-03-12 11:23:09.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -27697,9 +27082,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- allow $1 udev_tdb_t:file rw_file_perms;
+ allow $1 udev_tbl_t:file rw_file_perms;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.8/policy/modules/system/udev.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.9/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2009-03-02 16:51:45.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/udev.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/udev.te 2009-03-12 11:23:09.000000000 -0400
@@ -55,6 +55,7 @@
can_exec(udev_t, udev_exec_t)
@@ -27784,9 +27169,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
xserver_read_xdm_pid(udev_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.8/policy/modules/system/unconfined.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.9/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/unconfined.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,15 +2,28 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -27825,9 +27210,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.8/policy/modules/system/unconfined.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.9/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.if 2009-03-10 16:09:06.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/unconfined.if 2009-03-12 11:23:09.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -28105,9 +27490,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 unconfined_r;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.8/policy/modules/system/unconfined.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.9/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/unconfined.te 2009-03-11 16:24:23.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/unconfined.te 2009-03-12 11:23:09.000000000 -0400
@@ -5,6 +5,35 @@
#
# Declarations
@@ -28470,9 +27855,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.8/policy/modules/system/userdomain.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.9/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/userdomain.fc 2009-03-12 11:23:09.000000000 -0400
@@ -1,4 +1,7 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -28482,9 +27867,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
+/dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0)
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.8/policy/modules/system/userdomain.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.9/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/userdomain.if 2009-03-12 11:23:09.000000000 -0400
@@ -30,8 +30,9 @@
')
@@ -30331,9 +29716,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 userdomain:key manage_key_perms;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.8/policy/modules/system/userdomain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.9/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/userdomain.te 2009-03-10 15:58:19.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/userdomain.te 2009-03-12 11:23:09.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -30417,14 +29802,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ fs_read_cifs_named_sockets(userhomereader)
+ fs_read_cifs_named_pipes(userhomereader)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.8/policy/modules/system/virtual.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.9/policy/modules/system/virtual.fc
--- nsaserefpolicy/policy/modules/system/virtual.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/virtual.fc 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.8/policy/modules/system/virtual.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.9/policy/modules/system/virtual.if
--- nsaserefpolicy/policy/modules/system/virtual.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/virtual.if 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,99 @@
+## <summary>Virtual machine emulator and virtualizer</summary>
+
@@ -30525,9 +29910,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_lnk_files_pattern($1, virtual_image_type, virtual_image_type)
+ rw_blk_files_pattern($1, virtual_image_type, virtual_image_type)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.8/policy/modules/system/virtual.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.9/policy/modules/system/virtual.te
--- nsaserefpolicy/policy/modules/system/virtual.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/virtual.te 2009-03-11 14:43:06.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/virtual.te 2009-03-12 11:23:09.000000000 -0400
@@ -0,0 +1,80 @@
+
+policy_module(virtualization, 1.1.2)
@@ -30609,9 +29994,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_read_xdm_pid(virtualdomain)
+ xserver_rw_shm(virtualdomain)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.8/policy/modules/system/xen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.9/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.fc 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/xen.fc 2009-03-12 11:23:09.000000000 -0400
@@ -2,17 +2,10 @@
/usr/bin/virsh -- gen_context(system_u:object_r:xm_exec_t,s0)
@@ -30638,9 +30023,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.8/policy/modules/system/xen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.9/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.if 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/xen.if 2009-03-12 11:23:09.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -30682,9 +30067,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 xend_var_lib_t:dir search_dir_perms;
+ rw_files_pattern($1, xen_image_t, xen_image_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.8/policy/modules/system/xen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.9/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.8/policy/modules/system/xen.te 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/modules/system/xen.te 2009-03-12 11:23:09.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -30906,39 +30291,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ unconfined_domain(xend_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.8/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.6.8/policy/support/obj_perm_sets.spt 2009-03-10 08:25:55.000000000 -0400
-@@ -179,20 +179,20 @@
- #
- # Directory (dir)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/ipc_patterns.spt serefpolicy-3.6.9/policy/support/ipc_patterns.spt
+--- nsaserefpolicy/policy/support/ipc_patterns.spt 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/support/ipc_patterns.spt 2009-03-12 11:23:09.000000000 -0400
+@@ -3,12 +3,12 @@
#
--define(`getattr_dir_perms',`{ getattr }')
--define(`setattr_dir_perms',`{ setattr }')
--define(`search_dir_perms',`{ getattr search }')
-+define(`getattr_dir_perms',`{ getattr open }')
-+define(`setattr_dir_perms',`{ setattr open }')
-+define(`search_dir_perms',`{ getattr search open }')
- define(`list_dir_perms',`{ getattr search open read lock ioctl }')
- define(`add_entry_dir_perms',`{ getattr search open lock ioctl write add_name }')
- define(`del_entry_dir_perms',`{ getattr search open lock ioctl write remove_name }')
- define(`rw_dir_perms', `{ open read getattr lock search ioctl add_name remove_name write }')
--define(`create_dir_perms',`{ getattr create }')
--define(`rename_dir_perms',`{ getattr rename }')
--define(`delete_dir_perms',`{ getattr rmdir }')
-+define(`create_dir_perms',`{ getattr create open }')
-+define(`rename_dir_perms',`{ getattr rename open }')
-+define(`delete_dir_perms',`{ getattr rmdir open }')
- define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
--define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
--define(`relabelto_dir_perms',`{ getattr relabelto }')
--define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
-+define(`relabelfrom_dir_perms',`{ getattr open relabelfrom }')
-+define(`relabelto_dir_perms',`{ getattr open relabelto }')
-+define(`relabel_dir_perms',`{ getattr open relabelfrom relabelto }')
-
- #
- # Regular file (file)
+ define(`stream_connect_pattern',`
+ allow $1 $2:dir search_dir_perms;
+- allow $1 $3:sock_file write_sock_file_perms;
++ allow $1 $3:sock_file { getattr write };
+ allow $1 $4:unix_stream_socket connectto;
+ ')
+
+ define(`dgram_send_pattern',`
+ allow $1 $2:dir search_dir_perms;
+- allow $1 $3:sock_file write_sock_file_perms;
++ allow $1 $3:sock_file { getattr write };
+ allow $1 $4:unix_dgram_socket sendto;
+ ')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.9/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2009-03-12 11:16:47.000000000 -0400
++++ serefpolicy-3.6.9/policy/support/obj_perm_sets.spt 2009-03-12 11:23:09.000000000 -0400
@@ -225,7 +225,7 @@
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
@@ -30948,25 +30321,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
-@@ -252,13 +252,13 @@
- #
- define(`getattr_sock_file_perms',`{ getattr }')
- define(`setattr_sock_file_perms',`{ setattr }')
--define(`read_sock_file_perms',`{ getattr read }')
--define(`write_sock_file_perms',`{ getattr write append }')
--define(`rw_sock_file_perms',`{ getattr read write append }')
--define(`create_sock_file_perms',`{ getattr create }')
-+define(`read_sock_file_perms',`{ getattr open read }')
-+define(`write_sock_file_perms',`{ getattr write open append }')
-+define(`rw_sock_file_perms',`{ getattr open read write append }')
-+define(`create_sock_file_perms',`{ getattr create open }')
- define(`rename_sock_file_perms',`{ getattr rename }')
- define(`delete_sock_file_perms',`{ getattr unlink }')
--define(`manage_sock_file_perms',`{ create getattr setattr read write rename link unlink ioctl lock append }')
-+define(`manage_sock_file_perms',`{ create open getattr setattr read write rename link unlink ioctl lock append }')
- define(`relabelfrom_sock_file_perms',`{ getattr relabelfrom }')
- define(`relabelto_sock_file_perms',`{ getattr relabelto }')
- define(`relabel_sock_file_perms',`{ getattr relabelfrom relabelto }')
@@ -312,3 +312,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -30981,9 +30335,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.8/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.9/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.8/policy/users 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/policy/users 2009-03-12 11:23:09.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -31008,9 +30362,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.8/Rules.modular
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.9/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/Rules.modular 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/Rules.modular 2009-03-12 11:23:09.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -31040,9 +30394,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.8/support/Makefile.devel
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.9/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.8/support/Makefile.devel 2009-03-10 08:25:55.000000000 -0400
++++ serefpolicy-3.6.9/support/Makefile.devel 2009-03-12 11:23:09.000000000 -0400
@@ -185,8 +185,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0243b94..d9e6174 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.6.8
-Release: 4%{?dist}
+Version: 3.6.9
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -186,7 +186,7 @@ fi;
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2920.
+Based off of reference policy: Checked out revision 2925.
%build
@@ -444,6 +444,9 @@ exit 0
%endif
%changelog
+* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> 3.6.9-1
+- Upgrade to latest upstream
+
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.8-4
- Fixes for iscsid and sssd
- More cleanups for upgrade from F10 to Rawhide.
diff --git a/sources b/sources
index ea29897..ef2f6ed 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d68d01d807cbfcdf83ace30919af3172 serefpolicy-3.6.8.tgz
+42687aff1e3a70d6bae553beae727d95 serefpolicy-3.6.9.tgz