diff --git a/policy-20070703.patch b/policy-20070703.patch
index 767fdba..f284787 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -2814,7 +2814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.7/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-07-03 07:05:38.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/kernel/files.if 2007-09-11 08:45:38.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/kernel/files.if 2007-09-11 14:40:00.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -3289,7 +3289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.0.7/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-07-03 07:05:38.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/kernel/selinux.if 2007-09-06 15:43:06.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/kernel/selinux.if 2007-09-11 13:01:12.000000000 -0400
@@ -138,6 +138,7 @@
type security_t;
')
@@ -6285,7 +6285,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.0.7/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/services/ftp.te 2007-09-10 14:54:57.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/services/ftp.te 2007-09-11 14:32:19.000000000 -0400
@@ -88,6 +88,7 @@
allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
allow ftpd_t self:tcp_socket create_stream_socket_perms;
@@ -6327,20 +6327,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
')
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
-@@ -252,7 +264,9 @@
+@@ -252,7 +264,10 @@
')
optional_policy(`
+ kerberos_use(ftpd_t)
kerberos_read_keytab(ftpd_t)
+ kerberos_manage_host_rcache(ftpd_t)
++ selinux_validate_context(ftpd_t)
')
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.0.7/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-30 11:47:29.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/services/hal.fc 2007-09-06 15:43:06.000000000 -0400
-@@ -8,9 +8,15 @@
++++ serefpolicy-3.0.7/policy/modules/services/hal.fc 2007-09-11 15:14:05.000000000 -0400
+@@ -8,9 +8,17 @@
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
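Review bot: In the ftp.te section, `selinux_validate_context(ftpd_t)` is added inside the `optional_policy` block that holds the `kerberos_*` calls, so ftpd_t receives it only when the kerberos module is present. If only the Kerberos-enabled path needs context validation, a comment should say so, e.g. `# kerberized ftpd validates the login context` (wording to be confirmed by the author). If it is needed regardless, the call belongs outside the optional block. The grant is also missing from the 3.0.7-10 changelog entry, which names only the NetworkManager change.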
@@ -6356,6 +6357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+
+/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0)
+
++/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
++/var/log/pm(/.*)? gen_context(system_u:object_r:hald_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.0.7/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.7/policy/modules/services/hal.if 2007-09-06 15:43:06.000000000 -0400
@@ -7386,7 +7389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.7/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/services/networkmanager.te 2007-09-06 15:43:06.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/services/networkmanager.te 2007-09-11 14:21:48.000000000 -0400
@@ -20,7 +20,7 @@
# networkmanager will ptrace itself if gdb is installed
@@ -7405,7 +7408,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
corenet_all_recvfrom_unlabeled(NetworkManager_t)
corenet_all_recvfrom_netlabel(NetworkManager_t)
corenet_tcp_sendrecv_all_if(NetworkManager_t)
-@@ -152,6 +154,11 @@
+@@ -136,6 +138,9 @@
+ dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
+ dbus_connect_system_bus(NetworkManager_t)
+ dbus_send_system_bus(NetworkManager_t)
++ optional_policy(`
++ rpm_dbus_chat(NetworkManager_t)
++ ')
+ ')
+
+ optional_policy(`
+@@ -152,6 +157,11 @@
')
optional_policy(`
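Review bot: The nested `optional_policy` that adds `rpm_dbus_chat(NetworkManager_t)` carries no comment, and the changelog describes it as chat with yum-updated while the interface is named for rpm. The definition of `rpm_dbus_chat` is not visible here, so presumably it permits D-Bus messaging with the rpm domain as a whole rather than with a single daemon. A comment at the call would record the intended peer, e.g. `# yum-updatesd (rpm domain) is notified of network state changes`, to be confirmed by the author. Anyone auditing which domains can message the package-management domain would then find the reason next to the rule.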
@@ -7417,7 +7430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
ppp_signal(NetworkManager_t)
-@@ -166,8 +173,10 @@
+@@ -166,8 +176,10 @@
')
optional_policy(`
@@ -9669,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te 2007-09-11 11:09:25.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/services/setroubleshoot.te 2007-09-11 15:24:02.000000000 -0400
@@ -33,7 +33,6 @@
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -9705,13 +9718,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
selinux_get_enforce_mode(setroubleshootd_t)
selinux_validate_context(setroubleshootd_t)
-@@ -109,5 +114,7 @@
+@@ -109,5 +114,8 @@
')
optional_policy(`
- nis_use_ypbind(setroubleshootd_t)
+ dbus_system_bus_client_template(setroubleshootd, setroubleshootd_t)
+ dbus_send_system_bus(setroubleshootd_t)
++ dbus_connect_system_bus(setroubleshootd_t)
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.0.7/policy/modules/services/snmp.fc
@@ -11302,8 +11316,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+/usr/sbin/brctl -- gen_context(system_u:object_r:brctl_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.if serefpolicy-3.0.7/policy/modules/system/brctl.if
--- nsaserefpolicy/policy/modules/system/brctl.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.7/policy/modules/system/brctl.if 2007-09-06 15:43:06.000000000 -0400
-@@ -0,0 +1,25 @@
++++ serefpolicy-3.0.7/policy/modules/system/brctl.if 2007-09-11 14:23:37.000000000 -0400
+@@ -0,0 +1,43 @@
+
+## Utilities for configuring the linux ethernet bridge
+
@@ -11329,6 +11343,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+ allow brctl_t $1:fifo_file rw_file_perms;
+ allow brctl_t $1:process sigchld;
+')
++
++########################################
++##
++## Get attributes brctl executable.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`brctl_getattr',`
++ gen_require(`
++ type brctl_exec_t;
++ ')
++
++ allow $1 brctl_exec_t:file getattr;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-3.0.7/policy/modules/system/brctl.te
--- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.7/policy/modules/system/brctl.te 2007-09-10 08:59:32.000000000 -0400
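Review bot: The parameter description of the new `brctl_getattr` interface reads `Domain allowed to transition.`, which looks copied from the domtrans interface above it. The rule grants only `getattr` on `brctl_exec_t`, so the description should read `Domain allowed access.`. The summary would also read better as `Get the attributes of the brctl executable.`. The bare `##` lines appear to have lost their XML tags in this rendering, so the tag structure itself could not be checked.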
@@ -15418,7 +15450,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.7/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/system/xen.te 2007-09-07 08:48:47.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/system/xen.te 2007-09-11 14:25:59.000000000 -0400
@@ -95,7 +95,7 @@
read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
@@ -15428,7 +15460,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
dev_filetrans(xend_t, xenctl_t, fifo_file)
manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
-@@ -126,7 +126,7 @@
+@@ -122,11 +122,13 @@
+ manage_fifo_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
+ files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
+
++init_stream_connect_script(xend_t)
++
+ # transition to store
domain_auto_trans(xend_t, xenstored_exec_t, xenstored_t)
allow xenstored_t xend_t:fd use;
allow xenstored_t xend_t:process sigchld;
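Review bot: `init_stream_connect_script(xend_t)` is added as a bare line between the `xend_var_lib_t` rules and the `# transition to store` comment with no explanation, and the same call is added for `xm_t` in the later `@@ -353,6 +362,7 @@` section. The interface's definition is not visible here, but its name suggests it lets these domains connect to unix stream sockets owned by the init script domain, which is a wide peer for a connect rule. A comment naming the socket being reached, e.g. `# xend connects to a socket created by its init script`, to be confirmed by the author, would let a reviewer judge whether a narrower socket type is warranted.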
@@ -15437,7 +15475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
# transition to console
domain_auto_trans(xend_t, xenconsoled_exec_t, xenconsoled_t)
-@@ -176,6 +176,7 @@
+@@ -176,6 +178,7 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
files_read_usr_files(xend_t)
@@ -15445,7 +15483,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
storage_raw_read_fixed_disk(xend_t)
storage_raw_write_fixed_disk(xend_t)
-@@ -224,7 +225,7 @@
+@@ -214,6 +217,10 @@
+ netutils_domtrans(xend_t)
+
+ optional_policy(`
++ brctl_getattr(xend_t)
++')
++
++optional_policy(`
+ consoletype_exec(xend_t)
+ ')
+
+@@ -224,7 +231,7 @@
allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
@@ -15454,7 +15503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
-@@ -257,7 +258,7 @@
+@@ -257,7 +264,7 @@
miscfiles_read_localization(xenconsoled_t)
@@ -15463,7 +15512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
xen_stream_connect_xenstore(xenconsoled_t)
########################################
-@@ -265,7 +266,7 @@
+@@ -265,7 +272,7 @@
# Xen store local policy
#
@@ -15472,7 +15521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
allow xenstored_t self:unix_dgram_socket create_socket_perms;
-@@ -318,12 +319,13 @@
+@@ -318,12 +325,13 @@
allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
# internal communication is often done using fifo and unix sockets.
@@ -15487,7 +15536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
files_search_var_lib(xm_t)
allow xm_t xen_image_t:dir rw_dir_perms;
-@@ -336,6 +338,7 @@
+@@ -336,6 +344,7 @@
kernel_write_xen_state(xm_t)
corecmd_exec_bin(xm_t)
@@ -15495,7 +15544,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
corenet_tcp_sendrecv_generic_if(xm_t)
corenet_tcp_sendrecv_all_nodes(xm_t)
-@@ -366,3 +369,14 @@
+@@ -353,6 +362,7 @@
+
+ term_use_all_terms(xm_t)
+
++init_stream_connect_script(xm_t)
+ init_rw_script_stream_sockets(xm_t)
+ init_use_fds(xm_t)
+
+@@ -366,3 +376,14 @@
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a313b6d..711dc3a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.7
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -362,6 +362,9 @@ exit 0
%endif
%changelog
+* Tue Sep 11 2007 Dan Walsh 3.0.7-10
+- Allow NetworkManager to dbus chat with yum-updated
+
* Tue Sep 11 2007 Dan Walsh 3.0.7-9
- Allow xfs to bind to port 7100