diff --git a/policy-F14.patch b/policy-F14.patch
index 165119e..98c627a 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.8.6/Makefile
---- nsaserefpolicy/Makefile 2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.8.6/Makefile 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/Makefile 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/Makefile 2010-07-09 08:39:38.918146168 +0200
@@ -244,7 +244,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -11,8 +11,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.8.6/M
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 serefpolicy-3.8.6/man/man8/git_selinux.8
---- nsaserefpolicy/man/man8/git_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/man/man8/git_selinux.8 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/man/man8/git_selinux.8 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/man/man8/git_selinux.8 2010-07-09 08:39:38.919145613 +0200
@@ -0,0 +1,109 @@
+.TH "git_selinux" "8" "27 May 2010" "domg472@gmail.com" "Git SELinux policy documentation"
+.de EX
@@ -124,8 +124,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 seref
+.SH "SEE ALSO"
+selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.8.6/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.8.6/policy/global_tunables 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/global_tunables 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/global_tunables 2010-07-09 08:39:38.920159167 +0200
@@ -61,15 +61,6 @@
## <desc>
@@ -162,16 +162,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+gen_tunable(mmap_low_allowed, false)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.fc serefpolicy-3.8.6/policy/modules/admin/accountsd.fc
---- nsaserefpolicy/policy/modules/admin/accountsd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.fc 2010-07-09 08:39:38.922143809 +0200
@@ -0,0 +1,4 @@
+
+/usr/libexec/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0)
+
+/var/lib/AccountsService(/.*)? gen_context(system_u:object_r:accountsd_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.if serefpolicy-3.8.6/policy/modules/admin/accountsd.if
---- nsaserefpolicy/policy/modules/admin/accountsd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.if 2010-07-09 08:39:38.922143809 +0200
@@ -0,0 +1,164 @@
+## <summary>policy for accountsd</summary>
+
@@ -338,8 +338,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
+ accountsd_manage_var_lib($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.8.6/policy/modules/admin/accountsd.te
---- nsaserefpolicy/policy/modules/admin/accountsd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/accountsd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/accountsd.te 2010-07-09 08:39:38.923147794 +0200
@@ -0,0 +1,62 @@
+policy_module(accountsd,1.0.0)
+
@@ -404,8 +404,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
+ xserver_dbus_chat_xdm(accountsd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.8.6/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/anaconda.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/anaconda.te 2010-07-09 08:39:38.924147379 +0200
@@ -28,8 +28,10 @@
logging_send_syslog_msg(anaconda_t)
@@ -427,8 +427,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.8.6/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/certwatch.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/certwatch.te 2010-07-09 08:39:38.924147379 +0200
@@ -35,7 +35,7 @@
miscfiles_read_localization(certwatch_t)
@@ -439,8 +439,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
optional_policy(`
apache_exec_modules(certwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.8.6/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/consoletype.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/consoletype.te 2010-07-09 08:39:38.925143751 +0200
@@ -85,6 +85,7 @@
hal_dontaudit_rw_pipes(consoletype_t)
hal_dontaudit_rw_dgram_sockets(consoletype_t)
@@ -450,8 +450,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.8.6/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/dmesg.te 2010-06-21 13:57:40.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/dmesg.te 2010-07-09 08:39:38.926148365 +0200
@@ -50,6 +50,12 @@
userdom_use_user_terminals(dmesg_t)
@@ -466,8 +466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.8.6/policy/modules/admin/firstboot.te
---- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/firstboot.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/firstboot.te 2010-07-09 08:39:38.926148365 +0200
@@ -76,6 +76,7 @@
miscfiles_read_localization(firstboot_t)
@@ -490,8 +490,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
xserver_unconfined(firstboot_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.8.6/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/logrotate.te 2010-06-21 13:58:38.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/logrotate.te 2010-07-09 08:39:38.927145085 +0200
@@ -119,6 +119,7 @@
userdom_use_user_terminals(logrotate_t)
userdom_list_user_home_dirs(logrotate_t)
@@ -510,8 +510,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.8.6/policy/modules/admin/logwatch.fc
---- nsaserefpolicy/policy/modules/admin/logwatch.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/logwatch.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/logwatch.fc 2010-07-09 08:39:38.928148372 +0200
@@ -1,7 +1,11 @@
/usr/sbin/logcheck -- gen_context(system_u:object_r:logwatch_exec_t,s0)
+/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0)
@@ -525,8 +525,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
+
+/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.8.6/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/logwatch.te 2010-06-22 09:19:54.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/logwatch.te 2010-07-09 08:39:38.929143906 +0200
@@ -19,6 +19,9 @@
type logwatch_tmp_t;
files_tmp_file(logwatch_tmp_t)
@@ -564,8 +564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
ifdef(`distro_redhat',`
files_search_all(logwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.8.6/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/mrtg.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/mrtg.te 2010-07-09 08:39:38.929143906 +0200
@@ -115,6 +115,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -575,14 +575,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
netutils_domtrans_ping(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.fc serefpolicy-3.8.6/policy/modules/admin/ncftool.fc
---- nsaserefpolicy/policy/modules/admin/ncftool.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.fc 2010-07-09 08:39:38.930383609 +0200
@@ -0,0 +1,2 @@
+
+/usr/bin/ncftool -- gen_context(system_u:object_r:ncftool_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.if serefpolicy-3.8.6/policy/modules/admin/ncftool.if
---- nsaserefpolicy/policy/modules/admin/ncftool.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.if 2010-07-09 08:39:38.930383609 +0200
@@ -0,0 +1,74 @@
+
+## <summary>policy for ncftool</summary>
@@ -659,8 +659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.te serefpolicy-3.8.6/policy/modules/admin/ncftool.te
---- nsaserefpolicy/policy/modules/admin/ncftool.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/ncftool.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/ncftool.te 2010-07-09 08:39:38.931384800 +0200
@@ -0,0 +1,79 @@
+policy_module(ncftool, 1.0.0)
+
@@ -742,8 +742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+ dbus_system_bus_client(ncftool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.8.6/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/netutils.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/netutils.te 2010-07-09 08:39:38.932383687 +0200
@@ -51,6 +51,8 @@
kernel_search_proc(netutils_t)
@@ -796,8 +796,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
+ term_use_all_ptys(traceroute_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.8.6/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2010-06-21 08:21:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/prelink.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/prelink.te 2010-07-09 08:39:38.932383687 +0200
@@ -59,6 +59,7 @@
manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -824,8 +824,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
allow prelink_cron_system_t prelink_t:process noatsecure;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.8.6/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/readahead.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/readahead.te 2010-07-09 08:39:38.933412396 +0200
@@ -51,6 +51,7 @@
files_list_non_security(readahead_t)
@@ -843,8 +843,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
fs_dontaudit_read_ramfs_pipes(readahead_t)
fs_dontaudit_read_ramfs_files(readahead_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.8.6/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/rpm.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/rpm.fc 2010-07-09 08:39:38.934384463 +0200
@@ -1,6 +1,7 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -864,8 +864,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/cache/yum(/.*)? gen_context(system_u:object_r:rpm_var_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.8.6/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/rpm.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/rpm.if 2010-07-09 08:39:38.935384536 +0200
@@ -13,11 +13,36 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -1053,8 +1053,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+ domain_entry_file($1, rpm_exec_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.8.6/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/rpm.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/rpm.te 2010-07-09 08:39:38.936410522 +0200
@@ -1,5 +1,7 @@
policy_module(rpm, 1.11.0)
@@ -1237,8 +1237,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
optional_policy(`
java_domtrans_unconfined(rpm_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectoolm.te serefpolicy-3.8.6/policy/modules/admin/sectoolm.te
---- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/sectoolm.te 2010-06-22 08:31:37.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/sectoolm.te 2010-07-09 08:39:38.937395020 +0200
@@ -84,6 +84,7 @@
sysnet_domtrans_ifconfig(sectoolm_t)
@@ -1248,8 +1248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectool
optional_policy(`
mount_exec(sectoolm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.8.6/policy/modules/admin/shorewall.if
---- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/shorewall.if 2010-06-25 13:22:32.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/shorewall.if 2010-07-09 08:39:38.938410460 +0200
@@ -134,9 +134,10 @@
#
interface(`shorewall_admin',`
@@ -1280,8 +1280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
admin_pattern($1, shorewall_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.8.6/policy/modules/admin/shorewall.te
---- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-06-21 08:21:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/shorewall.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/shorewall.te 2010-07-09 08:39:38.939384412 +0200
@@ -80,13 +80,14 @@
init_rw_utmp(shorewall_t)
@@ -1299,8 +1299,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
optional_policy(`
hostname_exec(shorewall_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.8.6/policy/modules/admin/shutdown.fc
---- nsaserefpolicy/policy/modules/admin/shutdown.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.fc 2010-07-09 08:39:38.939384412 +0200
@@ -0,0 +1,5 @@
+/etc/nologin -- gen_context(system_u:object_r:shutdown_etc_t,s0)
+
@@ -1308,8 +1308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+
+/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.8.6/policy/modules/admin/shutdown.if
---- nsaserefpolicy/policy/modules/admin/shutdown.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.if 2010-07-09 08:39:38.940411026 +0200
@@ -0,0 +1,136 @@
+
+## <summary>policy for shutdown</summary>
@@ -1448,8 +1448,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ allow $1 shutdown_exec_t:file getattr;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.8.6/policy/modules/admin/shutdown.te
---- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/admin/shutdown.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/admin/shutdown.te 2010-07-09 08:39:38.941384420 +0200
@@ -0,0 +1,61 @@
+policy_module(shutdown,1.0.0)
+
@@ -1513,8 +1513,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ xserver_dontaudit_write_log(shutdown_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.6/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2010-06-21 08:21:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/sudo.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/sudo.if 2010-07-09 08:39:38.942384633 +0200
@@ -73,6 +73,10 @@
# Enter this derived domain from the user domain
domtrans_pattern($3, sudo_exec_t, $1_sudo_t)
@@ -1543,8 +1543,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_sudo_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.8.6/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2010-06-21 08:21:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/su.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/su.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/su.if 2010-07-09 08:39:38.942384633 +0200
@@ -212,7 +212,7 @@
auth_domtrans_chk_passwd($1_su_t)
@@ -1563,8 +1563,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
ifdef(`distro_redhat',`
# RHEL5 and possibly newer releases incl. Fedora
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te
---- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/tmpreaper.te 2010-07-09 08:39:38.943384777 +0200
@@ -25,8 +25,11 @@
files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t)
@@ -1603,8 +1603,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.8.6/policy/modules/admin/usermanage.if
---- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/usermanage.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/usermanage.if 2010-07-09 08:39:38.944411181 +0200
@@ -18,6 +18,10 @@
files_search_usr($1)
corecmd_search_bin($1)
@@ -1661,8 +1661,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
nscd_run(useradd_t, $2)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.8.6/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/usermanage.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/usermanage.te 2010-07-09 08:39:38.946384439 +0200
@@ -208,6 +208,7 @@
files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
@@ -1752,8 +1752,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.8.6/policy/modules/admin/vbetool.te
---- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-06-21 08:21:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/vbetool.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/vbetool.te 2010-07-09 08:39:38.946384439 +0200
@@ -24,7 +24,10 @@
dev_rw_xserver_misc(vbetool_t)
dev_rw_mtrr(vbetool_t)
@@ -1766,8 +1766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
mls_file_read_all_levels(vbetool_t)
mls_file_write_all_levels(vbetool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.8.6/policy/modules/admin/vpn.if
---- nsaserefpolicy/policy/modules/admin/vpn.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/vpn.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/vpn.if 2010-07-09 08:39:38.947411402 +0200
@@ -110,7 +110,7 @@
## </summary>
## </param>
@@ -1800,8 +1800,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if
+ allow $1 vpnc_t:tun_socket relabelfrom;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.8.6/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/admin/vpn.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/admin/vpn.te 2010-07-09 08:39:38.948384377 +0200
@@ -30,7 +30,7 @@
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms;
@@ -1820,15 +1820,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
optional_policy(`
dbus_system_bus_client(vpnc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.8.6/policy/modules/apps/chrome.fc
---- nsaserefpolicy/policy/modules/apps/chrome.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/chrome.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/chrome.fc 2010-07-09 08:39:38.948384377 +0200
@@ -0,0 +1,3 @@
+ /opt/google/chrome/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
+
+/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.8.6/policy/modules/apps/chrome.if
---- nsaserefpolicy/policy/modules/apps/chrome.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/chrome.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/chrome.if 2010-07-09 08:39:38.949384730 +0200
@@ -0,0 +1,90 @@
+
+## <summary>policy for chrome</summary>
@@ -1921,8 +1921,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.8.6/policy/modules/apps/chrome.te
---- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/chrome.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/chrome.te 2010-07-09 08:39:38.950396398 +0200
@@ -0,0 +1,86 @@
+policy_module(chrome,1.0.0)
+
@@ -2011,8 +2011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+ fs_dontaudit_read_cifs_files(chrome_sandbox_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te
---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/cpufreqselector.te 2010-07-09 08:39:38.951384528 +0200
@@ -27,7 +27,7 @@
miscfiles_read_localization(cpufreqselector_t)
@@ -2023,8 +2023,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs
optional_policy(`
dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.8.6/policy/modules/apps/execmem.fc
---- nsaserefpolicy/policy/modules/apps/execmem.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/execmem.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/execmem.fc 2010-07-09 08:39:38.951384528 +0200
@@ -0,0 +1,47 @@
+
+/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -2074,8 +2074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.8.6/policy/modules/apps/execmem.if
---- nsaserefpolicy/policy/modules/apps/execmem.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/execmem.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/execmem.if 2010-07-09 08:39:38.952410793 +0200
@@ -0,0 +1,110 @@
+## <summary>execmem domain</summary>
+
@@ -2188,8 +2188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+ domtrans_pattern($1, execmem_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.8.6/policy/modules/apps/execmem.te
---- nsaserefpolicy/policy/modules/apps/execmem.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/execmem.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/execmem.te 2010-07-09 08:39:38.953384466 +0200
@@ -0,0 +1,10 @@
+policy_module(execmem, 1.0.0)
+
@@ -2202,15 +2202,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+application_executable_file(execmem_exec_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc
---- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.fc 2010-07-09 08:39:38.954385029 +0200
@@ -0,0 +1,3 @@
+
+/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.8.6/policy/modules/apps/firewallgui.if
---- nsaserefpolicy/policy/modules/apps/firewallgui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.if 2010-07-09 08:39:38.955384963 +0200
@@ -0,0 +1,23 @@
+
+## <summary>policy for firewallgui</summary>
@@ -2236,8 +2236,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ allow firewallgui_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.8.6/policy/modules/apps/firewallgui.te
---- nsaserefpolicy/policy/modules/apps/firewallgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/firewallgui.te 2010-07-09 08:39:38.956385316 +0200
@@ -0,0 +1,65 @@
+policy_module(firewallgui,1.0.0)
+
@@ -2305,8 +2305,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.8.6/policy/modules/apps/gitosis.fc
---- nsaserefpolicy/policy/modules/apps/gitosis.fc 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.fc 2010-07-09 08:39:38.956385316 +0200
@@ -1,3 +1,5 @@
/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0)
@@ -2314,8 +2314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.8.6/policy/modules/apps/gitosis.if
---- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.if 2010-07-09 08:39:38.957411650 +0200
@@ -62,7 +62,7 @@
files_search_var_lib($1)
read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -2326,8 +2326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.8.6/policy/modules/apps/gitosis.te
---- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gitosis.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gitosis.te 2010-07-09 08:39:38.958409140 +0200
@@ -25,12 +25,17 @@
manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -2348,8 +2348,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
+
+sysnet_read_config(gitosis_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.8.6/policy/modules/apps/gnome.fc
---- nsaserefpolicy/policy/modules/apps/gnome.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gnome.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gnome.fc 2010-07-09 08:39:38.959385188 +0200
@@ -1,8 +1,28 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
@@ -2382,8 +2382,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.8.6/policy/modules/apps/gnome.if
---- nsaserefpolicy/policy/modules/apps/gnome.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gnome.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gnome.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gnome.if 2010-07-09 08:39:38.960385052 +0200
@@ -74,6 +74,24 @@
########################################
@@ -2839,8 +2839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+ allow gconfdefaultsm_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.8.6/policy/modules/apps/gnome.te
---- nsaserefpolicy/policy/modules/apps/gnome.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gnome.te 2010-06-28 11:02:17.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gnome.te 2010-07-09 08:39:38.962385060 +0200
@@ -6,18 +6,33 @@
#
@@ -2992,8 +2992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+ policykit_read_reload(gnomesystemmm_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.8.6/policy/modules/apps/gpg.fc
---- nsaserefpolicy/policy/modules/apps/gpg.fc 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gpg.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gpg.fc 2010-07-09 08:39:38.963384854 +0200
@@ -1,4 +1,5 @@
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
+/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
@@ -3001,8 +3001,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.8.6/policy/modules/apps/gpg.if
---- nsaserefpolicy/policy/modules/apps/gpg.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gpg.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gpg.if 2010-07-09 08:39:38.964385207 +0200
@@ -60,8 +60,10 @@
ifdef(`hide_broken_symptoms',`
@@ -3060,8 +3060,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
## <summary>
## Send generic signals to user gpg processes.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.8.6/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/gpg.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/gpg.te 2010-07-09 08:39:38.965385281 +0200
@@ -4,6 +4,7 @@
#
# Declarations
@@ -3255,8 +3255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+ miscfiles_manage_public_files(gpg_web_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.8.6/policy/modules/apps/irc.fc
---- nsaserefpolicy/policy/modules/apps/irc.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/irc.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/irc.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/irc.fc 2010-07-09 08:39:38.966390174 +0200
@@ -2,10 +2,14 @@
# /home
#
@@ -3273,8 +3273,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
+/usr/bin/irssi -- gen_context(system_u:object_r:irssi_exec_t,s0)
/usr/bin/tinyirc -- gen_context(system_u:object_r:irc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.8.6/policy/modules/apps/irc.if
---- nsaserefpolicy/policy/modules/apps/irc.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/irc.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/irc.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/irc.if 2010-07-09 08:39:38.967410781 +0200
@@ -18,9 +18,11 @@
interface(`irc_role',`
gen_require(`
@@ -3306,8 +3306,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
+ relabel_lnk_files_pattern($2, irssi_home_t, irssi_home_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.8.6/policy/modules/apps/irc.te
---- nsaserefpolicy/policy/modules/apps/irc.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/irc.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/irc.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/irc.te 2010-07-09 08:39:38.968384943 +0200
@@ -24,6 +24,30 @@
########################################
@@ -3424,8 +3424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.8.6/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/java.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/java.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/java.fc 2010-07-09 08:39:38.969384877 +0200
@@ -9,6 +9,7 @@
#
# /usr
@@ -3444,8 +3444,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.8.6/policy/modules/apps/java.if
---- nsaserefpolicy/policy/modules/apps/java.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/java.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/java.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/java.if 2010-07-09 08:39:38.970385091 +0200
@@ -72,6 +72,7 @@
domain_interactive_fd($1_java_t)
@@ -3472,8 +3472,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.8.6/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/java.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/java.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/java.te 2010-07-09 08:39:38.971385234 +0200
@@ -152,6 +152,7 @@
unconfined_domain_noaudit(unconfined_java_t)
@@ -3483,20 +3483,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
optional_policy(`
rpm_domtrans(unconfined_java_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc
---- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.fc 2010-07-09 08:39:38.972385098 +0200
@@ -0,0 +1,2 @@
+
+/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if
---- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.if 2010-07-09 08:39:38.972385098 +0200
@@ -0,0 +1,2 @@
+## <summary>system-config-kdump policy</summary>
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te
---- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/kdumpgui.te 2010-07-09 08:39:38.973385242 +0200
@@ -0,0 +1,68 @@
+policy_module(kdumpgui,1.0.0)
+
@@ -3567,14 +3567,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui
+ policykit_dbus_chat(kdumpgui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.8.6/policy/modules/apps/livecd.fc
---- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.fc 2010-07-09 08:39:38.974385246 +0200
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.8.6/policy/modules/apps/livecd.if
---- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.if 2010-07-09 08:39:38.975411790 +0200
@@ -0,0 +1,127 @@
+
+## <summary>policy for livecd</summary>
@@ -3704,8 +3704,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.8.6/policy/modules/apps/livecd.te
---- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/livecd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/livecd.te 2010-07-09 08:39:38.976411374 +0200
@@ -0,0 +1,34 @@
+policy_module(livecd, 1.0.0)
+
@@ -3742,8 +3742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
+seutil_domtrans_setfiles_mac(livecd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.8.6/policy/modules/apps/mono.if
---- nsaserefpolicy/policy/modules/apps/mono.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/mono.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mono.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mono.if 2010-07-09 08:39:38.977385188 +0200
@@ -40,16 +40,19 @@
domain_interactive_fd($1_mono_t)
application_type($1_mono_t)
@@ -3766,8 +3766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
optional_policy(`
xserver_role($1_r, $1_mono_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.8.6/policy/modules/apps/mozilla.fc
---- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.fc 2010-07-09 08:39:38.978385121 +0200
@@ -1,6 +1,7 @@
HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -3777,8 +3777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.8.6/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.if 2010-06-21 10:57:13.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.if 2010-07-09 08:39:38.979385265 +0200
@@ -48,6 +48,12 @@
mozilla_dbus_chat($2)
@@ -3802,8 +3802,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.6/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mozilla.te 2010-06-21 10:57:39.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mozilla.te 2010-07-09 08:39:38.980384920 +0200
@@ -90,6 +90,7 @@
corenet_raw_sendrecv_generic_node(mozilla_t)
corenet_tcp_sendrecv_http_port(mozilla_t)
@@ -3833,8 +3833,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
pulseaudio_stream_connect(mozilla_t)
pulseaudio_manage_home_files(mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.8.6/policy/modules/apps/mplayer.if
---- nsaserefpolicy/policy/modules/apps/mplayer.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mplayer.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mplayer.if 2010-07-09 08:39:38.981385133 +0200
@@ -102,3 +102,39 @@
read_files_pattern($1, mplayer_home_t, mplayer_home_t)
userdom_search_user_home_dirs($1)
@@ -3876,8 +3876,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+ domtrans_pattern($1, mplayer_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.8.6/policy/modules/apps/mplayer.te
---- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-06-21 10:50:00.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/mplayer.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/mplayer.te 2010-07-09 08:39:38.982385207 +0200
@@ -160,6 +160,7 @@
manage_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
manage_lnk_files_pattern(mplayer_t, mplayer_home_t, mplayer_home_t)
@@ -3912,8 +3912,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc
---- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.fc 2010-07-09 08:39:38.983385211 +0200
@@ -0,0 +1,10 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -3926,8 +3926,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.8.6/policy/modules/apps/nsplugin.if
---- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.if 2010-07-09 08:39:38.984385145 +0200
@@ -0,0 +1,391 @@
+
+## <summary>policy for nsplugin</summary>
@@ -4321,8 +4321,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ domtrans_pattern($1, nsplugin_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.8.6/policy/modules/apps/nsplugin.te
---- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/nsplugin.te 2010-07-09 08:39:38.986385082 +0200
@@ -0,0 +1,299 @@
+policy_module(nsplugin, 1.0.0)
+
@@ -4624,16 +4624,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.8.6/policy/modules/apps/openoffice.fc
---- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.fc 2010-07-09 08:39:38.986385082 +0200
@@ -0,0 +1,4 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.8.6/policy/modules/apps/openoffice.if
---- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.if 2010-07-09 08:39:38.987385156 +0200
@@ -0,0 +1,129 @@
+## <summary>Openoffice</summary>
+
@@ -4765,8 +4765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+ domtrans_pattern($1, openoffice_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.8.6/policy/modules/apps/openoffice.te
---- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/openoffice.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/openoffice.te 2010-07-09 08:39:38.988389630 +0200
@@ -0,0 +1,16 @@
+policy_module(openoffice, 1.0.0)
+
@@ -4785,8 +4785,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+#
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.8.6/policy/modules/apps/podsleuth.te
---- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/podsleuth.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/podsleuth.te 2010-07-09 08:39:38.989384745 +0200
@@ -49,6 +49,7 @@
fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file })
@@ -4811,8 +4811,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut
optional_policy(`
dbus_system_bus_client(podsleuth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if
---- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-03-29 15:04:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.if 2010-07-09 08:39:38.990385238 +0200
@@ -104,6 +104,24 @@
can_exec($1, pulseaudio_exec_t)
')
@@ -4890,8 +4890,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ allow $1 pulseaudio_t:process signull;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te
---- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/pulseaudio.te 2010-07-09 08:39:38.991385172 +0200
@@ -40,9 +40,11 @@
manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
@@ -4931,8 +4931,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ sandbox_manage_tmpfs_files(pulseaudio_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.8.6/policy/modules/apps/qemu.fc
---- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/qemu.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/qemu.fc 2010-07-09 08:39:38.992411995 +0200
@@ -1,2 +1,4 @@
-/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -4940,8 +4940,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.8.6/policy/modules/apps/qemu.if
---- nsaserefpolicy/policy/modules/apps/qemu.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/qemu.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/qemu.if 2010-07-09 08:39:38.993385040 +0200
@@ -127,12 +127,14 @@
template(`qemu_role',`
gen_require(`
@@ -5051,8 +5051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.8.6/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/qemu.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/qemu.te 2010-07-09 08:39:38.994413120 +0200
@@ -49,6 +49,8 @@
#
# qemu local policy
@@ -5086,19 +5086,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te
+ allow unconfined_qemu_t qemu_exec_t:file execmod;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.8.6/policy/modules/apps/sambagui.fc
---- nsaserefpolicy/policy/modules/apps/sambagui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.fc 2010-07-09 08:39:38.995411448 +0200
@@ -0,0 +1 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.8.6/policy/modules/apps/sambagui.if
---- nsaserefpolicy/policy/modules/apps/sambagui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.if 2010-07-09 08:39:38.996432614 +0200
@@ -0,0 +1,2 @@
+## <summary>system-config-samba policy</summary>
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.8.6/policy/modules/apps/sambagui.te
---- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sambagui.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sambagui.te 2010-07-09 08:39:38.997385265 +0200
@@ -0,0 +1,66 @@
+policy_module(sambagui,1.0.0)
+
@@ -5167,13 +5167,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui
+ policykit_dbus_chat(sambagui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.8.6/policy/modules/apps/sandbox.fc
---- nsaserefpolicy/policy/modules/apps/sandbox.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.fc 2010-07-09 08:39:38.997385265 +0200
@@ -0,0 +1 @@
+# No types are sandbox_exec_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.8.6/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.if 2010-07-09 08:39:38.999385133 +0200
@@ -0,0 +1,314 @@
+
+## <summary>policy for sandbox</summary>
@@ -5490,9 +5490,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ allow $1 sandbox_file_type:dir list_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.8.6/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/sandbox.te 2010-06-22 08:36:58.000000000 -0400
-@@ -0,0 +1,387 @@
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/sandbox.te 2010-07-09 09:45:35.840135472 +0200
+@@ -0,0 +1,390 @@
+policy_module(sandbox,1.0.0)
+dbus_stub()
+attribute sandbox_domain;
@@ -5802,10 +5802,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+corenet_dontaudit_tcp_bind_generic_port(sandbox_web_type)
+
+files_dontaudit_getattr_all_dirs(sandbox_web_type)
++files_dontaudit_list_mnt(sandbox_web_type)
+
+fs_dontaudit_rw_anon_inodefs_files(sandbox_web_type)
+fs_dontaudit_getattr_all_fs(sandbox_web_type)
+
++storage_dontaudit_getattr_fixed_disk_dev(sandbox_web_type)
++
+auth_use_nsswitch(sandbox_web_type)
+
+dbus_system_bus_client(sandbox_web_type)
@@ -5881,8 +5884,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.8.6/policy/modules/apps/seunshare.if
---- nsaserefpolicy/policy/modules/apps/seunshare.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/seunshare.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/seunshare.if 2010-07-09 08:39:39.001386048 +0200
@@ -53,8 +53,14 @@
########################################
@@ -5935,8 +5938,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.8.6/policy/modules/apps/seunshare.te
---- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/seunshare.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/seunshare.te 2010-07-09 08:39:39.002385284 +0200
@@ -5,40 +5,39 @@
# Declarations
#
@@ -5996,8 +5999,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.8.6/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/slocate.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/slocate.te 2010-07-09 08:39:39.003385288 +0200
@@ -29,6 +29,7 @@
manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
@@ -6019,14 +6022,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
# getpwnam
auth_use_nsswitch(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc
---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.fc 2010-07-09 08:39:39.004389971 +0200
@@ -0,0 +1,2 @@
+
+/usr/libexec/telepathy-sofiasip -- gen_context(system_u:object_r:telepathysofiasip_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.if serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if
---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.if 2010-07-09 08:39:39.005385156 +0200
@@ -0,0 +1,69 @@
+
+## <summary>policy for telepathy-sofiasip</summary>
@@ -6098,8 +6101,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+ telepathysofiasip_dbus_chat($2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.te serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te
---- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/apps/telepathysofiasip.te 2010-07-09 08:39:39.006412119 +0200
@@ -0,0 +1,42 @@
+policy_module(telepathysofiasip,1.0.0)
+
@@ -6144,16 +6147,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+
+sysnet_read_config(telepathysofiasip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.8.6/policy/modules/apps/userhelper.fc
---- nsaserefpolicy/policy/modules/apps/userhelper.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.fc 2010-07-09 08:39:39.007385303 +0200
@@ -7,3 +7,4 @@
# /usr
#
/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0)
+/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.8.6/policy/modules/apps/userhelper.if
---- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.if 2010-07-09 08:39:39.008385237 +0200
@@ -25,6 +25,7 @@
gen_require(`
attribute userhelper_type;
@@ -6222,8 +6225,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.8.6/policy/modules/apps/userhelper.te
---- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/userhelper.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/userhelper.te 2010-07-09 08:39:39.009384822 +0200
@@ -6,9 +6,51 @@
#
@@ -6277,8 +6280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ xserver_stream_connect(consolehelper_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.8.6/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/vmware.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/vmware.fc 2010-07-09 08:39:39.010385734 +0200
@@ -20,7 +20,7 @@
/usr/bin/vmnet-sniffer -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/bin/vmware-network -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
@@ -6298,8 +6301,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f
/opt/vmware/(workstation|player)/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/opt/vmware/(workstation|player)/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.8.6/policy/modules/apps/vmware.if
---- nsaserefpolicy/policy/modules/apps/vmware.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/vmware.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/vmware.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/vmware.if 2010-07-09 08:39:39.011385109 +0200
@@ -84,3 +84,22 @@
logging_search_logs($1)
append_files_pattern($1, vmware_log_t, vmware_log_t)
@@ -6324,8 +6327,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.8.6/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/vmware.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/vmware.te 2010-07-09 08:39:39.012385742 +0200
@@ -28,6 +28,10 @@
type vmware_host_exec_t;
init_daemon_domain(vmware_host_t, vmware_host_exec_t)
@@ -6371,8 +6374,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t
domain_use_interactive_fds(vmware_host_t)
domain_dontaudit_read_all_domains_state(vmware_host_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.8.6/policy/modules/apps/wine.fc
---- nsaserefpolicy/policy/modules/apps/wine.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/wine.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/wine.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/wine.fc 2010-07-09 08:39:39.013385047 +0200
@@ -2,6 +2,7 @@
/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -6382,8 +6385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc
/opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
/opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.8.6/policy/modules/apps/wine.if
---- nsaserefpolicy/policy/modules/apps/wine.if 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/apps/wine.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/wine.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/wine.if 2010-07-09 08:39:39.014385051 +0200
@@ -35,6 +35,8 @@
role $1 types wine_t;
@@ -6410,8 +6413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if
optional_policy(`
xserver_role($1_r, $1_wine_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.8.6/policy/modules/apps/wine.te
---- nsaserefpolicy/policy/modules/apps/wine.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/wine.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/wine.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/wine.te 2010-07-09 08:39:39.015384915 +0200
@@ -1,5 +1,13 @@
policy_module(wine, 1.7.0)
@@ -6455,8 +6458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.8.6/policy/modules/apps/wm.if
---- nsaserefpolicy/policy/modules/apps/wm.if 2009-07-27 18:11:17.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/apps/wm.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/wm.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/apps/wm.if 2010-07-09 08:39:39.016385128 +0200
@@ -30,6 +30,7 @@
template(`wm_role_template',`
gen_require(`
@@ -6505,9 +6508,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc 2010-06-21 10:53:58.000000000 -0400
-@@ -101,6 +101,9 @@
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.fc 2010-07-09 16:26:49.939385338 +0200
+@@ -9,8 +9,10 @@
+ /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
++/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
++/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
+
+ #
+@@ -101,6 +103,9 @@
/etc/X11/xdm/Xsetup_0 -- gen_context(system_u:object_r:bin_t,s0)
/etc/X11/xinit(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -6517,7 +6531,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
/etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0)
/etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -145,6 +148,10 @@
+@@ -145,6 +150,10 @@
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -6528,7 +6542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
ifdef(`distro_gentoo',`
/opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
/opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -228,6 +235,8 @@
+@@ -228,6 +237,8 @@
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -6537,7 +6551,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
-@@ -340,3 +349,22 @@
+@@ -340,3 +351,22 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -6561,8 +6575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+
+/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.8.6/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-03-05 17:14:56.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/corecommands.if 2010-07-09 08:39:39.019385000 +0200
@@ -931,6 +931,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -6580,8 +6594,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
manage_lnk_files_pattern($1, bin_t, bin_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/corenetwork.te.in 2010-07-09 08:39:39.020385144 +0200
@@ -24,6 +24,7 @@
#
type tun_tap_device_t;
@@ -6717,8 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(zope, tcp,8021,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.8.6/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/devices.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/devices.fc 2010-07-09 08:39:39.021411478 +0200
@@ -191,3 +191,8 @@
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
@@ -6729,8 +6743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+#
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.8.6/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/devices.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/devices.if 2010-07-09 08:39:39.025385233 +0200
@@ -606,6 +606,24 @@
########################################
@@ -6839,8 +6853,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.8.6/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/devices.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/devices.te 2010-07-09 08:39:39.027385241 +0200
@@ -100,6 +100,7 @@
#
type kvm_device_t;
@@ -6857,8 +6871,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
allow devices_unconfined_type mtrr_device_t:file *;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.8.6/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/domain.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/domain.if 2010-07-09 08:39:39.029385179 +0200
@@ -611,7 +611,7 @@
########################################
@@ -6939,8 +6953,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ dontaudit $1 domain:socket_class_set { read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.8.6/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/domain.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/domain.te 2010-07-09 08:39:39.030385252 +0200
@@ -4,6 +4,21 @@
#
# Declarations
@@ -7107,8 +7121,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+# broken kernel
+dontaudit can_change_object_identity can_change_object_identity:key link;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.8.6/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/files.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/files.fc 2010-07-09 16:29:56.646135332 +0200
@@ -18,6 +18,7 @@
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -7117,19 +7131,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
ifdef(`distro_suse',`
-@@ -64,6 +65,11 @@
+@@ -64,6 +65,13 @@
/etc/reader\.conf -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/smartd\.conf.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/sysctl\.conf(\.old)? -- gen_context(system_u:object_r:system_conf_t,s0)
++/etc/sysconfig/ebtables.* -- gen_context(system_u:object_r:system_conf_t,s0)
+/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:system_conf_t,s0)
+/etc/sysconfig/ipvsadm.* -- gen_context(system_u:object_r:system_conf_t,s0)
+/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:system_conf_t,s0)
+
++
/etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0)
/etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0)
-@@ -74,7 +80,8 @@
+@@ -74,7 +82,8 @@
/etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -7139,7 +7155,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
ifdef(`distro_gentoo', `
/etc/profile\.env -- gen_context(system_u:object_r:etc_runtime_t,s0)
-@@ -95,7 +102,7 @@
+@@ -95,7 +104,7 @@
# HOME_ROOT
# expanded by genhomedircon
#
@@ -7148,7 +7164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
HOME_ROOT/lost\+found/.* <<none>>
-@@ -159,6 +166,10 @@
+@@ -159,6 +168,10 @@
/proc -d <<none>>
/proc/.* <<none>>
@@ -7159,7 +7175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
# /selinux
#
-@@ -172,12 +183,6 @@
+@@ -172,12 +185,6 @@
/srv/.* gen_context(system_u:object_r:var_t,s0)
#
@@ -7172,7 +7188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
# /tmp
#
/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
-@@ -217,7 +222,6 @@
+@@ -217,7 +224,6 @@
ifndef(`distro_redhat',`
/usr/local/src(/.*)? gen_context(system_u:object_r:src_t,s0)
@@ -7180,7 +7196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/usr/src(/.*)? gen_context(system_u:object_r:src_t,s0)
/usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
')
-@@ -233,6 +237,8 @@
+@@ -233,6 +239,8 @@
/var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
@@ -7189,15 +7205,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
-@@ -258,3 +264,5 @@
+@@ -258,3 +266,5 @@
ifdef(`distro_debian',`
/var/run/motd -- gen_context(system_u:object_r:etc_runtime_t,s0)
')
+/nsr(/.*)? gen_context(system_u:object_r:var_t,s0)
+/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.8.6/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/files.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/files.if 2010-07-09 09:46:04.850134775 +0200
@@ -1053,10 +1053,8 @@
relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
@@ -7285,7 +7301,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -3711,6 +3748,64 @@
+@@ -3347,6 +3384,24 @@
+ allow $1 mnt_t:dir list_dir_perms;
+ ')
+
++######################################
++## <summary>
++## dontaudit List the contents of /mnt.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`files_dontaudit_list_mnt',`
++ gen_require(`
++ type mnt_t;
++ ')
++
++ dontaudit $1 mnt_t:dir list_dir_perms;
++')
++
+ ########################################
+ ## <summary>
+ ## Mount a filesystem on /mnt.
+@@ -3711,6 +3766,64 @@
allow $1 readable_t:sock_file read_sock_file_perms;
')
@@ -7350,7 +7391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
## <summary>
## Allow the specified type to associate
-@@ -3896,6 +3991,32 @@
+@@ -3896,6 +4009,32 @@
########################################
## <summary>
@@ -7383,7 +7424,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
## Manage temporary files and directories in /tmp.
## </summary>
## <param name="domain">
-@@ -4109,6 +4230,13 @@
+@@ -4109,6 +4248,13 @@
delete_lnk_files_pattern($1, tmpfile, tmpfile)
delete_fifo_files_pattern($1, tmpfile, tmpfile)
delete_sock_files_pattern($1, tmpfile, tmpfile)
@@ -7397,7 +7438,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -5298,6 +5426,25 @@
+@@ -5298,6 +5444,25 @@
search_dirs_pattern($1, var_t, var_run_t)
')
@@ -7423,7 +7464,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
## <summary>
## Do not audit attempts to search
-@@ -5522,6 +5669,7 @@
+@@ -5522,6 +5687,7 @@
list_dirs_pattern($1, var_t, pidfile)
read_files_pattern($1, pidfile, pidfile)
@@ -7431,7 +7472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
')
########################################
-@@ -5807,3 +5955,229 @@
+@@ -5807,3 +5973,229 @@
typeattribute $1 files_unconfined_type;
')
@@ -7662,8 +7703,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ allow $1 file_type:kernel_service create_files_as;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.8.6/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/files.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/files.te 2010-07-09 08:39:39.038435081 +0200
@@ -11,6 +11,7 @@
attribute mountpoint;
attribute pidfile;
@@ -7696,8 +7737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#Temporarily in policy until FC5 dissappears
typealias etc_runtime_t alias firstboot_rw_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.6/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.if 2010-07-09 08:39:39.042385299 +0200
@@ -1207,7 +1207,7 @@
type cifs_t;
')
@@ -7932,8 +7973,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.8.6/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/filesystem.te 2010-07-09 08:39:39.044385167 +0200
@@ -52,6 +52,7 @@
fs_type(anon_inodefs_t)
files_mountpoint(anon_inodefs_t)
@@ -7976,8 +8017,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.8.6/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/kernel.if 2010-06-25 14:04:46.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/kernel.if 2010-07-09 08:39:39.046385104 +0200
@@ -1977,7 +1977,7 @@
')
@@ -8037,8 +8078,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.8.6/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/kernel.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/kernel.te 2010-07-09 08:39:39.048385182 +0200
@@ -156,6 +156,7 @@
#
type unlabeled_t;
@@ -8099,8 +8140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
#
# Unlabeled process local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.8.6/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/selinux.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/selinux.if 2010-07-09 08:39:39.049385186 +0200
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -8159,8 +8200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
+ mls_trusted_object($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.8.6/policy/modules/kernel/storage.if
---- nsaserefpolicy/policy/modules/kernel/storage.if 2010-06-04 17:11:28.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/storage.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/storage.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/storage.if 2010-07-09 08:39:39.050384701 +0200
@@ -101,6 +101,8 @@
dev_list_all_dev_nodes($1)
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
@@ -8171,8 +8212,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.8.6/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/kernel/terminal.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/kernel/terminal.if 2010-07-09 08:39:39.052385058 +0200
@@ -292,9 +292,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -8214,8 +8255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.8.6/policy/modules/roles/auditadm.te
---- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/auditadm.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/auditadm.te 2010-07-09 08:39:39.053411252 +0200
@@ -28,10 +28,13 @@
logging_manage_audit_config(auditadm_t)
logging_run_auditctl(auditadm_t, auditadm_r)
@@ -8231,8 +8272,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad
consoletype_exec(auditadm_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.8.6/policy/modules/roles/guest.te
---- nsaserefpolicy/policy/modules/roles/guest.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/guest.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/guest.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/guest.te 2010-07-09 08:39:39.054411536 +0200
@@ -15,11 +15,7 @@
#
@@ -8248,8 +8289,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t
-#gen_user(guest_u,, guest_r, s0, s0)
+gen_user(guest_u, user, guest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.8.6/policy/modules/roles/secadm.te
---- nsaserefpolicy/policy/modules/roles/secadm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/secadm.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/secadm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/secadm.te 2010-07-09 08:39:39.055433540 +0200
@@ -9,6 +9,8 @@
userdom_unpriv_user_template(secadm)
@@ -8260,8 +8301,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.8.6/policy/modules/roles/staff.te
---- nsaserefpolicy/policy/modules/roles/staff.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/staff.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/staff.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/staff.te 2010-07-09 08:39:39.056437385 +0200
@@ -8,25 +8,55 @@
role staff_r;
@@ -8457,8 +8498,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+ userhelper_console_role_template(staff, staff_r, staff_usertype)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.8.6/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/sysadm.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/sysadm.te 2010-07-09 08:39:39.058385290 +0200
@@ -27,17 +27,29 @@
corecmd_exec_shell(sysadm_t)
@@ -8814,8 +8855,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.
+modutils_read_module_deps(sysadm_t)
+miscfiles_read_hwdata(sysadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc
---- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.fc 2010-07-09 08:39:39.059411066 +0200
@@ -0,0 +1,8 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -8826,8 +8867,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0)
+/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if
---- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.if 2010-07-09 08:39:39.061385442 +0200
@@ -0,0 +1,667 @@
+## <summary>Unconfiend user role</summary>
+
@@ -9497,8 +9538,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+ allow $1 unconfined_r;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/roles/unconfineduser.te 2010-07-09 08:39:39.062384887 +0200
@@ -0,0 +1,443 @@
+policy_module(unconfineduser, 1.0.0)
+
@@ -9944,8 +9985,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.8.6/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/unprivuser.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/unprivuser.te 2010-07-09 08:39:39.063411361 +0200
@@ -12,10 +12,13 @@
userdom_unpriv_user_template(user)
@@ -10000,8 +10041,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
xserver_role(user_r, user_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.8.6/policy/modules/roles/xguest.te
---- nsaserefpolicy/policy/modules/roles/xguest.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/roles/xguest.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/roles/xguest.te 2010-07-09 08:39:39.064410666 +0200
@@ -14,7 +14,7 @@
## <desc>
@@ -10137,8 +10178,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.
+
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.8.6/policy/modules/services/abrt.fc
---- nsaserefpolicy/policy/modules/services/abrt.fc 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/abrt.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/abrt.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/abrt.fc 2010-07-09 08:39:39.065411438 +0200
@@ -15,6 +15,7 @@
/var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0)
@@ -10148,8 +10189,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
/var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.8.6/policy/modules/services/abrt.if
---- nsaserefpolicy/policy/modules/services/abrt.if 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/abrt.if 2010-06-21 13:57:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/abrt.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/abrt.if 2010-07-09 08:39:39.066411512 +0200
@@ -130,6 +130,10 @@
')
@@ -10224,8 +10265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
## <summary>
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.8.6/policy/modules/services/abrt.te
---- nsaserefpolicy/policy/modules/services/abrt.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/abrt.te 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/abrt.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/abrt.te 2010-07-09 08:39:39.068385189 +0200
@@ -5,6 +5,14 @@
# Declarations
#
@@ -10351,8 +10392,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+ allow abrt_t domain:process setrlimit;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.8.6/policy/modules/services/afs.te
---- nsaserefpolicy/policy/modules/services/afs.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/afs.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/afs.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/afs.te 2010-07-09 08:39:39.069385123 +0200
@@ -82,6 +82,10 @@
kernel_rw_afs_state(afs_t)
@@ -10365,8 +10406,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
corenet_all_recvfrom_netlabel(afs_t)
corenet_tcp_sendrecv_generic_if(afs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.8.6/policy/modules/services/aiccu.fc
---- nsaserefpolicy/policy/modules/services/aiccu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.fc 2010-07-09 08:39:39.070384918 +0200
@@ -0,0 +1,6 @@
+/etc/aiccu.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0)
+/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
@@ -10375,8 +10416,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+
+/var/run/aiccu\.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.8.6/policy/modules/services/aiccu.if
---- nsaserefpolicy/policy/modules/services/aiccu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.if 2010-07-09 08:39:39.071385341 +0200
@@ -0,0 +1,118 @@
+## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
+
@@ -10497,8 +10538,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+ files_search_pids($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.8.6/policy/modules/services/aiccu.te
---- nsaserefpolicy/policy/modules/services/aiccu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/aiccu.te 2010-06-25 14:38:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/aiccu.te 2010-07-09 08:39:39.072385065 +0200
@@ -0,0 +1,71 @@
+policy_module(aiccu, 1.0.0)
+
@@ -10572,8 +10613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+sysnet_dns_name_resolve(aiccu_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.8.6/policy/modules/services/aisexec.te
---- nsaserefpolicy/policy/modules/services/aisexec.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/aisexec.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/aisexec.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/aisexec.te 2010-07-09 08:39:39.073385209 +0200
@@ -97,3 +97,6 @@
rhcs_rw_groupd_semaphores(aisexec_t)
rhcs_rw_groupd_shm(aisexec_t)
@@ -10582,8 +10623,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+userdom_rw_semaphores(aisexec_t)
+userdom_rw_unpriv_user_shared_mem(aisexec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.8.6/policy/modules/services/apache.fc
---- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-06 15:15:38.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/apache.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apache.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/apache.fc 2010-07-09 08:39:39.074387866 +0200
@@ -24,7 +24,6 @@
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
@@ -10635,8 +10676,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.8.6/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2010-04-06 15:15:38.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/apache.if 2010-06-25 16:19:36.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apache.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/apache.if 2010-07-09 08:39:39.076385360 +0200
@@ -13,17 +13,13 @@
#
template(`apache_content_template',`
@@ -11047,8 +11088,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ dontaudit $1 httpd_t:unix_stream_socket { read write };
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.8.6/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/apache.te 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apache.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/apache.te 2010-07-09 08:39:39.079385092 +0200
@@ -18,6 +18,8 @@
# Declarations
#
@@ -11589,8 +11630,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.8.6/policy/modules/services/apcupsd.te
---- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/apcupsd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/apcupsd.te 2010-07-09 08:39:39.080385305 +0200
@@ -94,6 +94,10 @@
')
@@ -11603,8 +11644,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
mta_system_content(apcupsd_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.8.6/policy/modules/services/arpwatch.te
---- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/arpwatch.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/arpwatch.te 2010-07-09 08:39:39.081384820 +0200
@@ -63,6 +63,7 @@
corenet_udp_sendrecv_all_ports(arpwatch_t)
@@ -11614,8 +11655,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
fs_getattr_all_fs(arpwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.8.6/policy/modules/services/asterisk.te
---- nsaserefpolicy/policy/modules/services/asterisk.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/asterisk.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/asterisk.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/asterisk.te 2010-07-09 08:39:39.082390202 +0200
@@ -99,6 +99,7 @@
corenet_tcp_bind_generic_node(asterisk_t)
corenet_udp_bind_generic_node(asterisk_t)
@@ -11644,8 +11685,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.8.6/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/automount.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/automount.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/automount.te 2010-07-09 08:39:39.083389856 +0200
@@ -145,6 +145,7 @@
# Run mount in the mount_t domain.
@@ -11655,8 +11696,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
userdom_dontaudit_use_unpriv_user_fds(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.8.6/policy/modules/services/avahi.if
---- nsaserefpolicy/policy/modules/services/avahi.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/avahi.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/avahi.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/avahi.if 2010-07-09 08:39:39.084412978 +0200
@@ -90,6 +90,7 @@
class dbus send_msg;
')
@@ -11666,8 +11707,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
allow avahi_t $1:dbus send_msg;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.8.6/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/bind.if 2010-06-25 13:19:23.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bind.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/bind.if 2010-07-09 08:39:39.085411515 +0200
@@ -359,9 +359,9 @@
interface(`bind_admin',`
gen_require(`
@@ -11691,8 +11732,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
files_list_pids($1)
admin_pattern($1, named_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.8.6/policy/modules/services/bitlbee.te
---- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/bitlbee.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/bitlbee.te 2010-07-09 08:39:39.087385192 +0200
@@ -27,6 +27,7 @@
# Local policy
#
@@ -11713,8 +11754,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
sysnet_dns_name_resolve(bitlbee_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.8.6/policy/modules/services/bluetooth.if
---- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bluetooth.if 2010-06-25 13:21:01.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/bluetooth.if 2010-07-09 08:39:39.088385127 +0200
@@ -117,6 +117,27 @@
########################################
@@ -11763,8 +11804,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
admin_pattern($1, bluetooth_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.8.6/policy/modules/services/boinc.fc
---- nsaserefpolicy/policy/modules/services/boinc.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/boinc.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/boinc.fc 2010-07-09 08:39:39.089385200 +0200
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/boinc_client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
@@ -11773,8 +11814,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+
+/var/lib/boinc(/.*)? gen_context(system_u:object_r:boinc_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.8.6/policy/modules/services/boinc.if
---- nsaserefpolicy/policy/modules/services/boinc.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/boinc.if 2010-06-25 13:19:35.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/boinc.if 2010-07-09 08:39:39.090384995 +0200
@@ -0,0 +1,151 @@
+
+## <summary>policy for boinc</summary>
@@ -11928,9 +11969,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ admin_pattern($1, boinc_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.8.6/policy/modules/services/boinc.te
---- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/boinc.te 2010-06-28 09:37:14.000000000 -0400
-@@ -0,0 +1,94 @@
+--- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/boinc.te 2010-07-09 09:59:27.747135432 +0200
+@@ -0,0 +1,96 @@
+policy_module(boinc,1.0.0)
+
+########################################
@@ -12010,6 +12051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+
+domain_read_all_domains_state(boinc_t)
+
++files_dontaudit_getattr_boot_dirs(boinc_t)
++
+files_read_etc_files(boinc_t)
+files_read_usr_files(boinc_t)
+
@@ -12026,16 +12069,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+
+mta_send_mail(boinc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.fc serefpolicy-3.8.6/policy/modules/services/bugzilla.fc
---- nsaserefpolicy/policy/modules/services/bugzilla.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.fc 2010-07-09 08:39:39.091384928 +0200
@@ -0,0 +1,4 @@
+
+/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
+/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
+/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.if serefpolicy-3.8.6/policy/modules/services/bugzilla.if
---- nsaserefpolicy/policy/modules/services/bugzilla.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.if 2010-07-09 08:39:39.092411123 +0200
@@ -0,0 +1,39 @@
+## <summary>Bugzilla server</summary>
+
@@ -12077,8 +12120,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+ dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.te serefpolicy-3.8.6/policy/modules/services/bugzilla.te
---- nsaserefpolicy/policy/modules/services/bugzilla.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/bugzilla.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/bugzilla.te 2010-07-09 08:39:39.093437597 +0200
@@ -0,0 +1,56 @@
+policy_module(bugzilla, 1.0)
+
@@ -12137,8 +12180,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc
---- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.fc 2010-07-09 08:39:39.094384661 +0200
@@ -0,0 +1,29 @@
+###############################################################################
+#
@@ -12170,8 +12213,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.8.6/policy/modules/services/cachefilesd.if
---- nsaserefpolicy/policy/modules/services/cachefilesd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.if 2010-07-09 08:39:39.095385084 +0200
@@ -0,0 +1,41 @@
+###############################################################################
+#
@@ -12215,8 +12258,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+ allow cachefilesd_t $1:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.8.6/policy/modules/services/cachefilesd.te
---- nsaserefpolicy/policy/modules/services/cachefilesd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cachefilesd.te 2010-07-09 08:39:39.096385297 +0200
@@ -0,0 +1,147 @@
+###############################################################################
+#
@@ -12366,8 +12409,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+dev_search_sysfs(cachefiles_kernel_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.8.6/policy/modules/services/ccs.te
---- nsaserefpolicy/policy/modules/services/ccs.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ccs.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ccs.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ccs.te 2010-07-09 08:39:39.097385371 +0200
@@ -118,5 +118,10 @@
')
@@ -12380,8 +12423,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.
unconfined_use_fds(ccs_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.8.6/policy/modules/services/certmaster.if
---- nsaserefpolicy/policy/modules/services/certmaster.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/certmaster.if 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/certmaster.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/certmaster.if 2010-07-09 08:39:39.098384816 +0200
@@ -18,6 +18,25 @@
domtrans_pattern($1, certmaster_exec_t, certmaster_t)
')
@@ -12409,8 +12452,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
## <summary>
## read certmaster logs.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.8.6/policy/modules/services/certmonger.if
---- nsaserefpolicy/policy/modules/services/certmonger.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/certmonger.if 2010-06-25 13:17:18.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/certmonger.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/certmonger.if 2010-07-09 08:39:39.099385169 +0200
@@ -167,8 +167,8 @@
allow $2 system_r;
@@ -12423,8 +12466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+ admin_pattern($1, certmonger_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.8.6/policy/modules/services/certmonger.te
---- nsaserefpolicy/policy/modules/services/certmonger.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/certmonger.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/certmonger.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/certmonger.te 2010-07-09 08:39:39.100385033 +0200
@@ -68,5 +68,5 @@
')
@@ -12433,8 +12476,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+ pcscd_stream_connect(certmonger_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.8.6/policy/modules/services/cgroup.if
---- nsaserefpolicy/policy/modules/services/cgroup.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cgroup.if 2010-06-25 13:20:49.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cgroup.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cgroup.if 2010-07-09 08:39:39.101385246 +0200
@@ -121,7 +121,6 @@
gen_require(`
type cgred_t, cgconfig_t, cgred_var_run_t;
@@ -12452,8 +12495,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
admin_pattern($1, cgred_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.8.6/policy/modules/services/cgroup.te
---- nsaserefpolicy/policy/modules/services/cgroup.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cgroup.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cgroup.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cgroup.te 2010-07-09 08:39:39.101385246 +0200
@@ -18,8 +18,8 @@
type cgrules_etc_t;
files_config_file(cgrules_etc_t)
@@ -12466,8 +12509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
type cgconfig_initrc_exec_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.8.6/policy/modules/services/chronyd.if
---- nsaserefpolicy/policy/modules/services/chronyd.if 2010-03-29 15:04:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/chronyd.if 2010-06-25 13:20:28.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/chronyd.if 2010-07-09 08:39:39.102385250 +0200
@@ -19,6 +19,24 @@
domtrans_pattern($1, chronyd_exec_t, chronyd_t)
')
@@ -12575,8 +12618,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
+ admin_pattern($1, chronyd_tmpfs_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.8.6/policy/modules/services/chronyd.te
---- nsaserefpolicy/policy/modules/services/chronyd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/chronyd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/chronyd.te 2010-07-09 08:39:39.103385324 +0200
@@ -15,6 +15,9 @@
type chronyd_keys_t;
files_type(chronyd_keys_t)
@@ -12607,8 +12650,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
# bind to udp/323
corenet_udp_bind_chronyd_port(chronyd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.8.6/policy/modules/services/clamav.te
---- nsaserefpolicy/policy/modules/services/clamav.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/clamav.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/clamav.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/clamav.te 2010-07-09 08:39:39.105385890 +0200
@@ -92,7 +92,7 @@
manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
@@ -12647,8 +12690,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.fc serefpolicy-3.8.6/policy/modules/services/cmirrord.fc
---- nsaserefpolicy/policy/modules/services/cmirrord.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.fc 2010-07-09 08:39:39.105385890 +0200
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
@@ -12657,8 +12700,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+
+/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.if serefpolicy-3.8.6/policy/modules/services/cmirrord.if
---- nsaserefpolicy/policy/modules/services/cmirrord.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.if 2010-07-09 08:39:39.106385196 +0200
@@ -0,0 +1,118 @@
+
+## <summary>policy for cmirrord</summary>
@@ -12779,8 +12822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.te serefpolicy-3.8.6/policy/modules/services/cmirrord.te
---- nsaserefpolicy/policy/modules/services/cmirrord.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cmirrord.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/cmirrord.te 2010-07-09 08:39:39.107387574 +0200
@@ -0,0 +1,56 @@
+policy_module(cmirrord,1.0.0)
+
@@ -12839,8 +12882,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+ corosync_stream_connect(cmirrord_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.8.6/policy/modules/services/cobbler.fc
---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/cobbler.fc 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cobbler.fc 2010-07-09 08:39:39.108385134 +0200
@@ -1,7 +1,32 @@
-/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
-/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
@@ -12880,8 +12923,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
-/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
-/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.8.6/policy/modules/services/cobbler.if
---- nsaserefpolicy/policy/modules/services/cobbler.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cobbler.if 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cobbler.if 2010-07-09 08:39:39.110385141 +0200
@@ -1,14 +1,4 @@
## <summary>Cobbler installation server.</summary>
-## <desc>
@@ -13134,8 +13177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.8.6/policy/modules/services/cobbler.te
---- nsaserefpolicy/policy/modules/services/cobbler.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cobbler.te 2010-06-25 17:37:55.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cobbler.te 2010-07-09 08:39:39.111385145 +0200
@@ -1,3 +1,4 @@
+
policy_module(cobbler, 1.1.0)
@@ -13385,8 +13428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+ dontaudit cobblerd_t httpdcontent:dir relabel_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.8.6/policy/modules/services/consolekit.te
---- nsaserefpolicy/policy/modules/services/consolekit.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/consolekit.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/consolekit.te 2010-07-09 08:39:39.112411410 +0200
@@ -15,6 +15,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -13452,8 +13495,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
unconfined_stream_connect(consolekit_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.8.6/policy/modules/services/corosync.fc
---- nsaserefpolicy/policy/modules/services/corosync.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/corosync.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/corosync.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/corosync.fc 2010-07-09 08:39:39.113411972 +0200
@@ -3,6 +3,7 @@
/usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
@@ -13463,9 +13506,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
/var/lib/corosync(/.*)? gen_context(system_u:object_r:corosync_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.8.6/policy/modules/services/corosync.te
---- nsaserefpolicy/policy/modules/services/corosync.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/corosync.te 2010-06-21 10:53:58.000000000 -0400
-@@ -32,8 +32,8 @@
+--- nsaserefpolicy/policy/modules/services/corosync.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/corosync.te 2010-07-09 09:07:25.113135329 +0200
+@@ -5,6 +5,13 @@
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Allow corosync to read and write generic tmpfs files.
++## </p>
++## </desc>
++gen_tunable(allow_corosync_rw_tmpfs, false)
++
+ type corosync_t;
+ type corosync_exec_t;
+ init_daemon_domain(corosync_t, corosync_exec_t)
+@@ -32,8 +39,8 @@
# corosync local policy
#
@@ -13476,7 +13533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
allow corosync_t self:fifo_file rw_fifo_file_perms;
allow corosync_t self:sem create_sem_perms;
-@@ -41,6 +41,8 @@
+@@ -41,6 +48,8 @@
allow corosync_t self:unix_dgram_socket create_socket_perms;
allow corosync_t self:udp_socket create_socket_perms;
@@ -13485,7 +13542,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
manage_dirs_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
manage_files_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
files_tmp_filetrans(corosync_t, corosync_tmp_t, { file dir })
-@@ -63,8 +65,10 @@
+@@ -63,8 +72,10 @@
files_pid_filetrans(corosync_t, corosync_var_run_t, { file sock_file })
kernel_read_system_state(corosync_t)
@@ -13496,7 +13553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
corenet_udp_bind_netsupport_port(corosync_t)
-@@ -73,6 +77,7 @@
+@@ -73,6 +84,7 @@
domain_read_all_domains_state(corosync_t)
files_manage_mounttab(corosync_t)
@@ -13504,15 +13561,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
auth_use_nsswitch(corosync_t)
-@@ -83,6 +88,7 @@
+@@ -83,19 +95,26 @@
miscfiles_read_localization(corosync_t)
+userdom_delete_user_tmpfs_files(corosync_t)
userdom_rw_user_tmpfs_files(corosync_t)
++tunable_policy(`allow_corosync_rw_tmpfs',`
++ fs_rw_tmpfs_files(corosync_t)
++')
++
optional_policy(`
-@@ -90,12 +96,13 @@
+ ccs_read_config(corosync_t)
')
optional_policy(`
@@ -13528,12 +13589,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+ # to communication with RHCS
+ rhcs_rw_cluster_shm(corosync_t)
+ rhcs_rw_cluster_semaphores(corosync_t)
++ rhcs_stream_connect_cluster(corosync_t)
')
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.8.6/policy/modules/services/cron.fc
---- nsaserefpolicy/policy/modules/services/cron.fc 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cron.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cron.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cron.fc 2010-07-09 08:39:39.115384951 +0200
@@ -14,7 +14,7 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -13552,8 +13614,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.8.6/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cron.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cron.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cron.if 2010-07-09 08:39:39.116384955 +0200
@@ -12,6 +12,10 @@
## </param>
#
@@ -13738,8 +13800,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.8.6/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cron.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cron.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cron.te 2010-07-09 08:39:39.119385246 +0200
@@ -63,9 +63,12 @@
type crond_tmp_t;
@@ -14034,8 +14096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
tunable_policy(`fcron_crond', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.8.6/policy/modules/services/cups.fc
---- nsaserefpolicy/policy/modules/services/cups.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cups.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cups.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cups.fc 2010-07-09 08:39:39.120384970 +0200
@@ -71,3 +71,9 @@
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
@@ -14047,8 +14109,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.8.6/policy/modules/services/cups.if
---- nsaserefpolicy/policy/modules/services/cups.if 2009-07-28 15:51:13.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cups.if 2010-06-25 13:20:18.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cups.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cups.if 2010-07-09 08:39:39.121387488 +0200
@@ -314,7 +314,7 @@
interface(`cups_admin',`
gen_require(`
@@ -14069,8 +14131,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
files_list_tmp($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.8.6/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cups.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cups.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cups.te 2010-07-09 08:39:39.122385118 +0200
@@ -15,6 +15,7 @@
type cupsd_t;
type cupsd_exec_t;
@@ -14145,8 +14207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
tunable_policy(`use_nfs_home_dirs',`
fs_search_auto_mountpoints(cups_pdf_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.8.6/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cvs.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cvs.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cvs.te 2010-07-09 08:39:39.123411801 +0200
@@ -112,4 +112,5 @@
read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -14154,8 +14216,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.8.6/policy/modules/services/cyrus.te
---- nsaserefpolicy/policy/modules/services/cyrus.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/cyrus.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/cyrus.te 2010-07-09 08:39:39.124411596 +0200
@@ -135,6 +135,7 @@
')
@@ -14165,8 +14227,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
snmp_stream_connect(cyrus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.8.6/policy/modules/services/dbus.if
---- nsaserefpolicy/policy/modules/services/dbus.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dbus.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dbus.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dbus.if 2010-07-09 08:39:39.125432971 +0200
@@ -42,8 +42,10 @@
gen_require(`
class dbus { send_msg acquire_svc };
@@ -14250,8 +14312,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write };
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.8.6/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dbus.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dbus.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dbus.te 2010-07-09 08:39:39.127385207 +0200
@@ -121,6 +121,7 @@
init_use_fds(system_dbusd_t)
@@ -14292,8 +14354,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ xserver_append_xdm_home_files(session_bus_type)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.8.6/policy/modules/services/denyhosts.te
---- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/denyhosts.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/denyhosts.te 2010-07-09 08:39:39.128385141 +0200
@@ -25,7 +25,8 @@
#
# DenyHosts personal policy.
@@ -14325,8 +14387,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
sysnet_etc_filetrans_config(denyhosts_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.8.6/policy/modules/services/devicekit.te
---- nsaserefpolicy/policy/modules/services/devicekit.te 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/devicekit.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/devicekit.te 2010-07-09 08:39:39.129384935 +0200
@@ -75,10 +75,12 @@
manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)
@@ -14374,8 +14436,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.8.6/policy/modules/services/dhcp.te
---- nsaserefpolicy/policy/modules/services/dhcp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dhcp.te 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dhcp.te 2010-07-09 08:39:39.130385079 +0200
@@ -111,6 +111,11 @@
')
@@ -14389,8 +14451,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
dbus_connect_system_bus(dhcpd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.8.6/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dnsmasq.te 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dnsmasq.te 2010-07-09 08:39:39.131385082 +0200
@@ -92,7 +92,11 @@
userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
@@ -14404,9 +14466,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
')
optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.8.6/policy/modules/services/dovecot.fc
+--- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dovecot.fc 2010-07-09 08:49:36.123135184 +0200
+@@ -25,7 +25,7 @@
+ ifdef(`distro_redhat', `
+ /usr/libexec/dovecot/auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+ /usr/libexec/dovecot/deliver -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+-/usr/libexec/dovecot/deliver-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
++/usr/libexec/dovecot/dovecot-lda -- gen_context(system_u:object_r:dovecot_deliver_exec_t,s0)
+ /usr/libexec/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.8.6/policy/modules/services/dovecot.if
---- nsaserefpolicy/policy/modules/services/dovecot.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dovecot.if 2010-06-25 13:20:06.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dovecot.if 2010-07-09 08:39:39.132385086 +0200
@@ -93,12 +93,14 @@
#
interface(`dovecot_admin',`
@@ -14449,8 +14523,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
admin_pattern($1, dovecot_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.8.6/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/dovecot.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/dovecot.te 2010-07-09 16:23:37.808134293 +0200
@@ -58,7 +58,7 @@
allow dovecot_t self:capability { dac_override dac_read_search chown kill net_bind_service setgid setuid sys_chroot };
@@ -14476,15 +14550,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
postfix_search_spool(dovecot_auth_t)
')
-@@ -302,4 +304,5 @@
+@@ -256,9 +258,15 @@
+ allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
+ allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
+
++allow dovecot_deliver_t dovecot_cert_t:dir search_dir_perms;
++
++can_exec(dovecot_deliver_t, dovecot_deliver_exec_t)
++
+ kernel_read_all_sysctls(dovecot_deliver_t)
+ kernel_read_system_state(dovecot_deliver_t)
+
++corecmd_exec_bin(dovecot_deliver_t)
++
+ files_read_etc_files(dovecot_deliver_t)
+ files_read_etc_runtime_files(dovecot_deliver_t)
+
+@@ -302,4 +310,5 @@
optional_policy(`
mta_manage_spool(dovecot_deliver_t)
+ mta_read_queue(dovecot_deliver_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.8.6/policy/modules/services/exim.fc
---- nsaserefpolicy/policy/modules/services/exim.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/exim.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/exim.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/exim.fc 2010-07-09 08:39:39.134385024 +0200
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/exim -- gen_context(system_u:object_r:exim_initrc_exec_t,s0)
@@ -14493,8 +14583,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.8.6/policy/modules/services/exim.if
---- nsaserefpolicy/policy/modules/services/exim.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/exim.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/exim.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/exim.if 2010-07-09 08:39:39.135385098 +0200
@@ -20,6 +20,24 @@
########################################
@@ -14568,8 +14658,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+ admin_pattern($1, exim_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.8.6/policy/modules/services/exim.te
---- nsaserefpolicy/policy/modules/services/exim.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/exim.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/exim.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/exim.te 2010-07-09 08:39:39.136384822 +0200
@@ -35,6 +35,9 @@
application_executable_file(exim_exec_t)
mta_agent_executable(exim_exec_t)
@@ -14592,8 +14682,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
mysql_stream_connect(exim_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.8.6/policy/modules/services/fail2ban.if
---- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/fail2ban.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/fail2ban.if 2010-07-09 08:39:39.137384686 +0200
@@ -138,6 +138,26 @@
########################################
@@ -14622,8 +14712,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
## an fail2ban environment
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.8.6/policy/modules/services/fprintd.te
---- nsaserefpolicy/policy/modules/services/fprintd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/fprintd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/fprintd.te 2010-07-09 08:39:39.138384969 +0200
@@ -54,4 +54,5 @@
policykit_read_lib(fprintd_t)
policykit_dbus_chat(fprintd_t)
@@ -14631,8 +14721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri
+ policykit_dbus_chat_auth(fprintd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.8.6/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ftp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ftp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ftp.te 2010-07-09 08:39:39.139385043 +0200
@@ -40,6 +40,13 @@
## <desc>
@@ -14761,8 +14851,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
tunable_policy(`sftpd_enable_homedirs && use_nfs_home_dirs',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.8.6/policy/modules/services/git.fc
---- nsaserefpolicy/policy/modules/services/git.fc 2010-04-05 14:44:26.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/git.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/git.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/git.fc 2010-07-09 08:39:39.140409562 +0200
@@ -1,3 +1,12 @@
+HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t, s0)
+HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t, s0)
@@ -14777,8 +14867,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
+/var/www/git/gitweb.cgi gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.8.6/policy/modules/services/git.if
---- nsaserefpolicy/policy/modules/services/git.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/git.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/git.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/git.if 2010-07-09 08:39:39.142385194 +0200
@@ -1 +1,525 @@
-## <summary>GIT revision control system</summary>
+## <summary>Fast Version Control System.</summary>
@@ -15307,8 +15397,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.8.6/policy/modules/services/git.te
---- nsaserefpolicy/policy/modules/services/git.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/git.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/git.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/git.te 2010-07-09 08:39:39.143385129 +0200
@@ -1,8 +1,192 @@
-policy_module(git, 1.0)
+policy_module(git, 1.0.3)
@@ -15506,8 +15596,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+gen_user(git_shell_u, user, git_shell_r, s0, s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.8.6/policy/modules/services/gnomeclock.if
---- nsaserefpolicy/policy/modules/services/gnomeclock.if 2009-09-16 10:01:13.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/gnomeclock.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/gnomeclock.if 2010-07-09 08:39:39.144385132 +0200
@@ -63,3 +63,24 @@
allow $1 gnomeclock_t:dbus send_msg;
allow gnomeclock_t $1:dbus send_msg;
@@ -15534,8 +15624,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
+ dontaudit gnomeclock_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.8.6/policy/modules/services/gpsd.te
---- nsaserefpolicy/policy/modules/services/gpsd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/gpsd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/gpsd.te 2010-07-09 08:39:39.145385136 +0200
@@ -56,6 +56,10 @@
miscfiles_read_localization(gpsd_t)
@@ -15548,8 +15638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.8.6/policy/modules/services/hal.if
---- nsaserefpolicy/policy/modules/services/hal.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/hal.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/hal.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/hal.if 2010-07-09 08:39:39.146385000 +0200
@@ -377,6 +377,26 @@
########################################
@@ -15578,8 +15668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.8.6/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/hal.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/hal.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/hal.te 2010-07-09 08:39:39.147385004 +0200
@@ -54,6 +54,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -15675,8 +15765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
#
# Local hald dccm policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.te serefpolicy-3.8.6/policy/modules/services/hddtemp.te
---- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/hddtemp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/hddtemp.te 2010-07-09 08:39:39.148385427 +0200
@@ -26,6 +26,7 @@
corenet_tcp_bind_all_nodes(hddtemp_t)
corenet_tcp_bind_hddtemp_port(hddtemp_t)
@@ -15686,8 +15776,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddt
files_read_usr_files(hddtemp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.8.6/policy/modules/services/icecast.te
---- nsaserefpolicy/policy/modules/services/icecast.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/icecast.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/icecast.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/icecast.te 2010-07-09 08:39:39.149385221 +0200
@@ -37,6 +37,8 @@
manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t)
files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir })
@@ -15708,8 +15798,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
rtkit_scheduled(icecast_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.8.6/policy/modules/services/inn.te
---- nsaserefpolicy/policy/modules/services/inn.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/inn.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/inn.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/inn.te 2010-07-09 08:39:39.150409949 +0200
@@ -105,6 +105,7 @@
userdom_dontaudit_use_unpriv_user_fds(innd_t)
@@ -15719,8 +15809,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
mta_send_mail(innd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.8.6/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/kerberos.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/kerberos.te 2010-07-09 08:39:39.151388302 +0200
@@ -126,10 +126,13 @@
corenet_tcp_bind_generic_node(kadmind_t)
corenet_udp_bind_generic_node(kadmind_t)
@@ -15746,8 +15836,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc
---- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-03-29 15:04:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.fc 2010-07-09 08:39:39.152411074 +0200
@@ -3,3 +3,5 @@
/usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0)
@@ -15755,8 +15845,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+
+/var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.8.6/policy/modules/services/ksmtuned.if
---- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-03-29 15:04:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.if 2010-06-25 13:17:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.if 2010-07-09 08:39:39.153384957 +0200
@@ -60,7 +60,7 @@
')
@@ -15767,8 +15857,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
files_list_pids($1)
admin_pattern($1, ksmtuned_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.8.6/policy/modules/services/ksmtuned.te
---- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.te 2010-06-21 11:39:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ksmtuned.te 2010-07-09 08:39:39.154385101 +0200
@@ -9,6 +9,9 @@
type ksmtuned_exec_t;
init_daemon_domain(ksmtuned_t, ksmtuned_exec_t)
@@ -15807,8 +15897,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
miscfiles_read_localization(ksmtuned_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.8.6/policy/modules/services/ldap.fc
---- nsaserefpolicy/policy/modules/services/ldap.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ldap.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ldap.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ldap.fc 2010-07-09 08:39:39.155385175 +0200
@@ -1,6 +1,8 @@
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
@@ -15825,8 +15915,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.8.6/policy/modules/services/ldap.if
---- nsaserefpolicy/policy/modules/services/ldap.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ldap.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ldap.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ldap.if 2010-07-09 08:39:39.156385039 +0200
@@ -1,5 +1,43 @@
## <summary>OpenLDAP directory server</summary>
@@ -15929,8 +16019,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.8.6/policy/modules/services/ldap.te
---- nsaserefpolicy/policy/modules/services/ldap.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ldap.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ldap.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ldap.te 2010-07-09 08:39:39.157385113 +0200
@@ -27,9 +27,15 @@
type slapd_replog_t;
files_type(slapd_replog_t)
@@ -15966,8 +16056,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.8.6/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/lircd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/lircd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/lircd.te 2010-07-09 08:39:39.158384907 +0200
@@ -24,6 +24,7 @@
#
@@ -15986,8 +16076,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
dev_filetrans_lirc(lircd_t)
dev_rw_lirc(lircd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.8.6/policy/modules/services/memcached.if
---- nsaserefpolicy/policy/modules/services/memcached.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/memcached.if 2010-06-25 13:17:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/memcached.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/memcached.if 2010-07-09 08:39:39.159385120 +0200
@@ -59,6 +59,7 @@
gen_require(`
type memcached_t;
@@ -15997,8 +16087,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc
allow $1 memcached_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.8.6/policy/modules/services/milter.if
---- nsaserefpolicy/policy/modules/services/milter.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/milter.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/milter.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/milter.if 2010-07-09 08:39:39.160384914 +0200
@@ -37,6 +37,8 @@
files_read_etc_files($1_milter_t)
@@ -16034,8 +16124,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.fc serefpolicy-3.8.6/policy/modules/services/mock.fc
---- nsaserefpolicy/policy/modules/services/mock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mock.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mock.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mock.fc 2010-07-09 08:39:39.160384914 +0200
@@ -0,0 +1,6 @@
+
+/usr/sbin/mock -- gen_context(system_u:object_r:mock_exec_t,s0)
@@ -16044,8 +16134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+
+/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.if serefpolicy-3.8.6/policy/modules/services/mock.if
---- nsaserefpolicy/policy/modules/services/mock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mock.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mock.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mock.if 2010-07-09 08:39:39.162385131 +0200
@@ -0,0 +1,238 @@
+
+## <summary>policy for mock</summary>
@@ -16286,8 +16376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.te serefpolicy-3.8.6/policy/modules/services/mock.te
---- nsaserefpolicy/policy/modules/services/mock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mock.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mock.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mock.te 2010-07-09 08:39:39.162385131 +0200
@@ -0,0 +1,98 @@
+policy_module(mock,1.0.0)
+
@@ -16388,8 +16478,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+ apache_read_sys_content_rw_files(mock_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.8.6/policy/modules/services/modemmanager.te
---- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/modemmanager.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/modemmanager.te 2010-07-09 08:39:39.163384996 +0200
@@ -16,7 +16,8 @@
# ModemManager local policy
#
@@ -16419,8 +16509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode
udev_read_db(modemmanager_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.fc serefpolicy-3.8.6/policy/modules/services/mpd.fc
---- nsaserefpolicy/policy/modules/services/mpd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mpd.fc 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mpd.fc 2010-07-09 08:39:39.164385209 +0200
@@ -0,0 +1,10 @@
+
+/etc/mpd\.conf -- gen_context(system_u:object_r:mpd_etc_t,s0)
@@ -16433,8 +16523,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+/var/lib/mpd/music(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
+/var/lib/mpd/playlists(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.if serefpolicy-3.8.6/policy/modules/services/mpd.if
---- nsaserefpolicy/policy/modules/services/mpd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mpd.if 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mpd.if 2010-07-09 08:39:39.165411823 +0200
@@ -0,0 +1,274 @@
+
+## <summary>policy for daemon for playing music</summary>
@@ -16711,9 +16801,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.te serefpolicy-3.8.6/policy/modules/services/mpd.te
---- nsaserefpolicy/policy/modules/services/mpd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mpd.te 2010-06-28 11:33:41.000000000 -0400
-@@ -0,0 +1,110 @@
+--- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/mpd.te 2010-07-09 09:35:41.097135148 +0200
+@@ -0,0 +1,111 @@
+policy_module(mpd,1.0.0)
+
+########################################
@@ -16790,6 +16880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+
+corenet_sendrecv_pulseaudio_client_packets(mpd_t)
+corenet_tcp_connect_http_port(mpd_t)
++corenet_tcp_connect_http_cache_port(mpd_t)
+corenet_tcp_connect_pulseaudio_port(mpd_t)
+corenet_tcp_bind_mpd_port(mpd_t)
+corenet_tcp_bind_soundd_port(mpd_t)
@@ -16825,8 +16916,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+ udev_read_db(mpd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.8.6/policy/modules/services/mta.fc
---- nsaserefpolicy/policy/modules/services/mta.fc 2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/mta.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/mta.fc 2010-07-09 08:39:39.167411063 +0200
@@ -13,6 +13,8 @@
/usr/bin/esmtp -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -16837,8 +16928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
/usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.8.6/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/mta.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/mta.if 2010-07-09 08:39:39.169386765 +0200
@@ -220,6 +220,25 @@
application_executable_file($1)
')
@@ -16909,8 +17000,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.8.6/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/mta.te 2010-06-28 11:02:32.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/mta.te 2010-07-09 08:39:39.170385372 +0200
@@ -21,7 +21,7 @@
files_config_file(etc_mail_t)
@@ -17003,8 +17094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.8.6/policy/modules/services/munin.if
---- nsaserefpolicy/policy/modules/services/munin.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/munin.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/munin.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/munin.if 2010-07-09 08:39:39.171411287 +0200
@@ -92,6 +92,24 @@
files_search_etc($1)
')
@@ -17031,8 +17122,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
## <summary>
## Append to the munin log.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.8.6/policy/modules/services/munin.te
---- nsaserefpolicy/policy/modules/services/munin.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/munin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/munin.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/munin.te 2010-07-09 08:39:39.172395507 +0200
@@ -40,7 +40,7 @@
# Local policy
#
@@ -17116,8 +17207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+term_getattr_all_ptys(system_munin_plugin_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.8.6/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/mysql.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mysql.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/mysql.te 2010-07-09 08:39:39.173412133 +0200
@@ -64,6 +64,7 @@
manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
@@ -17143,8 +17234,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
files_read_usr_files(mysqld_safe_t)
files_dontaudit_getattr_all_dirs(mysqld_safe_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.8.6/policy/modules/services/nagios.if
---- nsaserefpolicy/policy/modules/services/nagios.if 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nagios.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nagios.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nagios.if 2010-07-09 08:39:39.174386295 +0200
@@ -159,6 +159,26 @@
########################################
@@ -17173,8 +17264,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
## a domain transition.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.8.6/policy/modules/services/nagios.te
---- nsaserefpolicy/policy/modules/services/nagios.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nagios.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nagios.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nagios.te 2010-07-09 08:39:39.175385321 +0200
@@ -107,13 +107,11 @@
files_read_etc_runtime_files(nagios_t)
files_read_kernel_symbol_table(nagios_t)
@@ -17209,8 +17300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.8.6/policy/modules/services/networkmanager.fc
---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.fc 2010-07-09 08:39:39.176384976 +0200
@@ -2,6 +2,10 @@
/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -17223,8 +17314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.8.6/policy/modules/services/networkmanager.if
---- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.if 2010-07-09 08:39:39.178385123 +0200
@@ -137,6 +137,27 @@
########################################
@@ -17305,8 +17396,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+ append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.8.6/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/networkmanager.te 2010-06-25 16:48:01.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/networkmanager.te 2010-07-09 08:39:39.179385267 +0200
@@ -35,7 +35,7 @@
# networkmanager will ptrace itself if gdb is installed
@@ -17398,8 +17489,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.8.6/policy/modules/services/nscd.if
---- nsaserefpolicy/policy/modules/services/nscd.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nscd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nscd.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nscd.if 2010-07-09 08:39:39.180411182 +0200
@@ -121,6 +121,24 @@
########################################
@@ -17435,8 +17526,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.8.6/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nscd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nscd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nscd.te 2010-07-09 16:25:11.753384075 +0200
@@ -1,9 +1,16 @@
-policy_module(nscd, 1.10.0)
+policy_module(nscd, 1.10.1)
@@ -17455,6 +17546,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
########################################
#
# Declarations
+@@ -30,7 +37,7 @@
+ # Local policy
+ #
+
+-allow nscd_t self:capability { kill setgid setuid };
++allow nscd_t self:capability { kill setgid setuid sys_ptrace };
+ dontaudit nscd_t self:capability sys_tty_config;
+ allow nscd_t self:process { getattr getcap setcap setsched signal_perms };
+ allow nscd_t self:fifo_file read_fifo_file_perms;
@@ -90,6 +97,7 @@
selinux_compute_relabel_context(nscd_t)
selinux_compute_user_contexts(nscd_t)
@@ -17492,8 +17592,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+ unconfined_dontaudit_rw_packet_sockets(nscd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.8.6/policy/modules/services/nslcd.te
---- nsaserefpolicy/policy/modules/services/nslcd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nslcd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nslcd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nslcd.te 2010-07-09 08:39:39.182403717 +0200
@@ -34,6 +34,8 @@
manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir })
@@ -17504,8 +17604,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc
auth_use_nsswitch(nslcd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.8.6/policy/modules/services/ntp.te
---- nsaserefpolicy/policy/modules/services/ntp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ntp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ntp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ntp.te 2010-07-09 08:39:39.183385143 +0200
@@ -96,9 +96,12 @@
dev_read_sysfs(ntpd_t)
# for SSP
@@ -17520,8 +17620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
term_use_ptmx(ntpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.8.6/policy/modules/services/nut.te
---- nsaserefpolicy/policy/modules/services/nut.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nut.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nut.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nut.te 2010-07-09 08:39:39.184384867 +0200
@@ -103,6 +103,10 @@
mta_send_mail(nut_upsmon_t)
@@ -17534,8 +17634,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.
#
# Local policy for upsdrvctl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.8.6/policy/modules/services/nx.if
---- nsaserefpolicy/policy/modules/services/nx.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nx.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nx.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nx.if 2010-07-09 08:39:39.185385081 +0200
@@ -35,6 +35,7 @@
allow $1 nx_server_var_lib_t:dir search_dir_perms;
@@ -17545,8 +17645,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.8.6/policy/modules/services/nx.te
---- nsaserefpolicy/policy/modules/services/nx.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/nx.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nx.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/nx.te 2010-07-09 08:39:39.186385224 +0200
@@ -27,6 +27,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -17568,8 +17668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t
kernel_read_kernel_sysctls(nx_server_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.8.6/policy/modules/services/oddjob.fc
---- nsaserefpolicy/policy/modules/services/oddjob.fc 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/oddjob.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/oddjob.fc 2010-07-09 08:39:39.187385157 +0200
@@ -1,4 +1,5 @@
/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/libexec/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -17577,8 +17677,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.8.6/policy/modules/services/oddjob.if
---- nsaserefpolicy/policy/modules/services/oddjob.if 2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/oddjob.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/oddjob.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/oddjob.if 2010-07-09 08:39:39.188385092 +0200
@@ -44,6 +44,7 @@
')
@@ -17588,8 +17688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.8.6/policy/modules/services/oddjob.te
---- nsaserefpolicy/policy/modules/services/oddjob.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/oddjob.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/oddjob.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/oddjob.te 2010-07-09 08:39:39.188385092 +0200
@@ -99,8 +99,7 @@
# Add/remove user home directories
@@ -17602,8 +17702,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+userdom_manage_user_home_content(oddjob_mkhomedir_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.te serefpolicy-3.8.6/policy/modules/services/oident.te
---- nsaserefpolicy/policy/modules/services/oident.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/oident.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/oident.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/oident.te 2010-07-09 08:39:39.189385165 +0200
@@ -48,6 +48,7 @@
kernel_read_network_state(oidentd_t)
kernel_read_network_state_symlinks(oidentd_t)
@@ -17613,8 +17713,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide
logging_send_syslog_msg(oidentd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.8.6/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/openvpn.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/openvpn.te 2010-07-09 08:39:39.190411290 +0200
@@ -24,6 +24,9 @@
type openvpn_etc_rw_t;
files_config_file(openvpn_etc_rw_t)
@@ -17644,8 +17744,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
tunable_policy(`openvpn_enable_homedirs',`
userdom_read_user_home_content_files(openvpn_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.8.6/policy/modules/services/pegasus.te
---- nsaserefpolicy/policy/modules/services/pegasus.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/pegasus.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pegasus.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/pegasus.te 2010-07-09 08:39:39.191411713 +0200
@@ -29,7 +29,7 @@
# Local policy
#
@@ -17718,8 +17818,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
+ xen_stream_connect_xenstore(pegasus_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.fc serefpolicy-3.8.6/policy/modules/services/piranha.fc
---- nsaserefpolicy/policy/modules/services/piranha.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/piranha.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/piranha.fc 2010-07-09 08:39:39.192388180 +0200
@@ -0,0 +1,21 @@
+
+/etc/rc\.d/init\.d/pulse -- gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0)
@@ -17743,8 +17843,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.if serefpolicy-3.8.6/policy/modules/services/piranha.if
---- nsaserefpolicy/policy/modules/services/piranha.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/piranha.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/piranha.if 2010-07-09 08:39:39.193410184 +0200
@@ -0,0 +1,175 @@
+
+## <summary>policy for piranha</summary>
@@ -17922,9 +18022,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+ manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.8.6/policy/modules/services/piranha.te
---- nsaserefpolicy/policy/modules/services/piranha.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/piranha.te 2010-06-21 10:53:58.000000000 -0400
-@@ -0,0 +1,181 @@
+--- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/piranha.te 2010-07-09 09:13:55.695135233 +0200
+@@ -0,0 +1,188 @@
+policy_module(piranha,1.0.0)
+
+########################################
@@ -17952,6 +18052,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+piranha_domain_template(web)
+
++type piranha_web_tmpfs_t;
++files_tmpfs_file(piranha_web_tmpfs_t)
++
+type piranha_etc_rw_t;
+files_type(piranha_etc_rw_t)
+
@@ -17991,6 +18094,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+manage_files_pattern(piranha_web_t, piranha_log_t, piranha_log_t)
+logging_log_filetrans(piranha_web_t, piranha_log_t, { dir file } )
+
++manage_dirs_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t)
++manage_files_pattern(piranha_web_t, piranha_web_tmpfs_t, piranha_web_tmpfs_t)
++fs_tmpfs_filetrans(piranha_web_t, piranha_web_tmpfs_t, { dir file })
++
+piranha_pulse_initrc_domtrans(piranha_web_t)
+
+kernel_read_kernel_sysctls(piranha_web_t)
@@ -18107,8 +18214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+sysnet_read_config(piranha_domain)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.8.6/policy/modules/services/plymouthd.te
---- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/plymouthd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/plymouthd.te 2010-07-09 08:39:39.195134943 +0200
@@ -60,10 +60,14 @@
files_read_etc_files(plymouthd_t)
files_read_usr_files(plymouthd_t)
@@ -18133,8 +18240,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
domain_use_interactive_fds(plymouth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.8.6/policy/modules/services/policykit.fc
---- nsaserefpolicy/policy/modules/services/policykit.fc 2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/policykit.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/policykit.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/policykit.fc 2010-07-09 08:39:39.196135226 +0200
@@ -6,10 +6,13 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -18151,8 +18258,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.8.6/policy/modules/services/policykit.if
---- nsaserefpolicy/policy/modules/services/policykit.if 2009-08-18 18:39:50.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/policykit.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/policykit.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/policykit.if 2010-07-09 08:39:39.197146474 +0200
@@ -17,12 +17,37 @@
class dbus send_msg;
')
@@ -18250,8 +18357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
+ allow $1 policykit_auth_t:process signal;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.8.6/policy/modules/services/policykit.te
---- nsaserefpolicy/policy/modules/services/policykit.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/policykit.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/policykit.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/policykit.te 2010-07-09 08:39:39.199135168 +0200
@@ -24,6 +24,9 @@
type policykit_reload_t alias polkit_reload_t;
files_type(policykit_reload_t)
@@ -18435,8 +18542,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.8.6/policy/modules/services/portreserve.fc
---- nsaserefpolicy/policy/modules/services/portreserve.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/portreserve.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/portreserve.fc 2010-07-09 08:39:39.200135171 +0200
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0)
@@ -18445,8 +18552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.8.6/policy/modules/services/portreserve.if
---- nsaserefpolicy/policy/modules/services/portreserve.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/portreserve.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/portreserve.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/portreserve.if 2010-07-09 08:39:39.201135245 +0200
@@ -18,6 +18,24 @@
domtrans_pattern($1, portreserve_exec_t, portreserve_t)
')
@@ -18514,8 +18621,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
+ admin_pattern($1, portreserve_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.8.6/policy/modules/services/portreserve.te
---- nsaserefpolicy/policy/modules/services/portreserve.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/portreserve.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/portreserve.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/portreserve.te 2010-07-09 09:55:44.480135059 +0200
@@ -9,6 +9,9 @@
type portreserve_exec_t;
init_daemon_domain(portreserve_t, portreserve_exec_t)
@@ -18526,9 +18633,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
type portreserve_etc_t;
files_type(portreserve_etc_t)
+@@ -47,3 +50,5 @@
+ corenet_udp_bind_all_ports(portreserve_t)
+
+ files_read_etc_files(portreserve_t)
++
++userdom_dontaudit_search_user_home_content(portreserve_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.8.6/policy/modules/services/postfix.fc
---- nsaserefpolicy/policy/modules/services/postfix.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/postfix.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postfix.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/postfix.fc 2010-07-09 08:39:39.202135318 +0200
@@ -1,4 +1,5 @@
# postfix
+/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0)
@@ -18549,8 +18662,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.8.6/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/postfix.if 2010-06-25 13:19:47.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postfix.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/postfix.if 2010-07-09 08:39:39.204134767 +0200
@@ -376,6 +376,25 @@
domtrans_pattern($1, postfix_master_exec_t, postfix_master_t)
')
@@ -18760,8 +18873,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.8.6/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/postfix.te 2010-06-28 12:56:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postfix.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/postfix.te 2010-07-09 08:39:39.206135543 +0200
@@ -5,6 +5,15 @@
# Declarations
#
@@ -18912,8 +19025,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.8.6/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ppp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ppp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ppp.te 2010-07-09 08:39:39.207135059 +0200
@@ -70,7 +70,7 @@
# PPPD Local policy
#
@@ -18933,8 +19046,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.8.6/policy/modules/services/procmail.fc
---- nsaserefpolicy/policy/modules/services/procmail.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/procmail.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/procmail.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/procmail.fc 2010-07-09 08:39:39.208146865 +0200
@@ -1,3 +1,5 @@
+HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
+/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
@@ -18942,8 +19055,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.8.6/policy/modules/services/procmail.te
---- nsaserefpolicy/policy/modules/services/procmail.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/procmail.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/procmail.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/procmail.te 2010-07-09 08:39:39.209135206 +0200
@@ -10,6 +10,9 @@
application_domain(procmail_t, procmail_exec_t)
role system_r types procmail_t;
@@ -18993,8 +19106,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
pyzor_signal(procmail_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.8.6/policy/modules/services/psad.if
---- nsaserefpolicy/policy/modules/services/psad.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/psad.if 2010-06-25 13:17:36.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/psad.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/psad.if 2010-07-09 08:39:39.210135279 +0200
@@ -176,6 +176,26 @@
########################################
@@ -19032,8 +19145,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
allow $1 psad_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.8.6/policy/modules/services/psad.te
---- nsaserefpolicy/policy/modules/services/psad.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/psad.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/psad.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/psad.te 2010-07-09 08:39:39.211134864 +0200
@@ -85,6 +85,7 @@
dev_read_urand(psad_t)
@@ -19043,8 +19156,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
fs_getattr_all_fs(psad_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.8.6/policy/modules/services/puppet.te
---- nsaserefpolicy/policy/modules/services/puppet.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/puppet.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/puppet.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/puppet.te 2010-07-09 08:39:39.212135287 +0200
@@ -221,6 +221,8 @@
sysnet_dns_name_resolve(puppetmaster_t)
sysnet_run_ifconfig(puppetmaster_t, system_r)
@@ -19055,8 +19168,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
hostname_exec(puppetmaster_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.8.6/policy/modules/services/pyzor.fc
---- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/pyzor.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/pyzor.fc 2010-07-09 08:39:39.213135151 +0200
@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -19069,8 +19182,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.8.6/policy/modules/services/pyzor.if
---- nsaserefpolicy/policy/modules/services/pyzor.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/pyzor.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pyzor.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/pyzor.if 2010-07-09 08:39:39.214135225 +0200
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -19123,8 +19236,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.8.6/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/pyzor.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/pyzor.te 2010-07-09 08:39:39.215135019 +0200
@@ -5,6 +5,38 @@
# Declarations
#
@@ -19190,8 +19303,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.fc serefpolicy-3.8.6/policy/modules/services/qpidd.fc
---- nsaserefpolicy/policy/modules/services/qpidd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/qpidd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/qpidd.fc 2010-07-09 08:39:39.216153810 +0200
@@ -0,0 +1,9 @@
+
+/usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0)
@@ -19203,8 +19316,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+/var/run/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_run_t,s0)
+/var/run/qpidd\.pid gen_context(system_u:object_r:qpidd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.if serefpolicy-3.8.6/policy/modules/services/qpidd.if
---- nsaserefpolicy/policy/modules/services/qpidd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/qpidd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/qpidd.if 2010-07-09 08:39:39.217135097 +0200
@@ -0,0 +1,236 @@
+
+## <summary>policy for qpidd</summary>
@@ -19443,8 +19556,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+ allow $1 qpidd_t:shm rw_shm_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.8.6/policy/modules/services/qpidd.te
---- nsaserefpolicy/policy/modules/services/qpidd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/qpidd.te 2010-06-25 15:10:37.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/qpidd.te 2010-07-09 08:39:39.218135031 +0200
@@ -0,0 +1,59 @@
+policy_module(qpidd,1.0.0)
+
@@ -19506,8 +19619,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+
+sysnet_dns_name_resolve(qpidd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.8.6/policy/modules/services/radius.te
---- nsaserefpolicy/policy/modules/services/radius.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/radius.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/radius.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/radius.te 2010-07-09 08:39:39.219135244 +0200
@@ -36,7 +36,7 @@
# gzip also needs chown access to preserve GID for radwtmp files
allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
@@ -19518,16 +19631,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
allow radiusd_t self:unix_stream_socket create_stream_socket_perms;
allow radiusd_t self:tcp_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.8.6/policy/modules/services/razor.fc
---- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/razor.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/razor.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/razor.fc 2010-07-09 08:39:39.220135248 +0200
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.8.6/policy/modules/services/razor.if
---- nsaserefpolicy/policy/modules/services/razor.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/razor.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/razor.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/razor.if 2010-07-09 08:39:39.221135252 +0200
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -19575,8 +19688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.8.6/policy/modules/services/razor.te
---- nsaserefpolicy/policy/modules/services/razor.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/razor.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/razor.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/razor.te 2010-07-09 08:39:39.222135186 +0200
@@ -5,6 +5,32 @@
# Declarations
#
@@ -19629,8 +19742,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.8.6/policy/modules/services/rgmanager.fc
---- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.fc 2010-07-09 08:39:39.223145387 +0200
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/rgmanager -- gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0)
+
@@ -19638,8 +19751,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
/var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.8.6/policy/modules/services/rgmanager.if
---- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.if 2010-07-09 08:39:39.230134658 +0200
@@ -75,3 +75,64 @@
fs_search_tmpfs($1)
manage_files_pattern($1, rgmanager_tmpfs_t, rgmanager_tmpfs_t)
@@ -19706,8 +19819,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+ admin_pattern($1, rgmanager_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.8.6/policy/modules/services/rgmanager.te
---- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rgmanager.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rgmanager.te 2010-07-09 08:39:39.231135081 +0200
@@ -17,6 +17,9 @@
domain_type(rgmanager_t)
init_daemon_domain(rgmanager_t, rgmanager_exec_t)
@@ -19762,17 +19875,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
mysql_stream_connect(rgmanager_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.8.6/policy/modules/services/rhcs.if
---- nsaserefpolicy/policy/modules/services/rhcs.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rhcs.if 2010-06-21 10:53:58.000000000 -0400
-@@ -14,6 +14,7 @@
+--- nsaserefpolicy/policy/modules/services/rhcs.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rhcs.if 2010-07-09 10:11:46.230385859 +0200
+@@ -14,6 +14,8 @@
template(`rhcs_domain_template',`
gen_require(`
attribute cluster_domain;
+ attribute cluster_tmpfs;
++ attribute cluster_pid;
')
##############################
-@@ -25,7 +26,7 @@
+@@ -25,13 +27,13 @@
type $1_exec_t;
init_daemon_domain($1_t, $1_exec_t)
@@ -19781,7 +19895,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
files_tmpfs_file($1_tmpfs_t)
type $1_var_log_t;
-@@ -335,6 +336,46 @@
+ logging_log_file($1_var_log_t)
+
+- type $1_var_run_t;
++ type $1_var_run_t, cluster_pid;
+ files_pid_file($1_var_run_t)
+
+ ##############################
+@@ -335,6 +337,67 @@
manage_files_pattern($1, groupd_tmpfs_t, groupd_tmpfs_t)
')
@@ -19825,10 +19946,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+ allow $1 cluster_domain:sem { rw_sem_perms destroy };
+')
+
++####################################
++## <summary>
++## Connect to cluster domains over a unix domain
++## stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`rhcs_stream_connect_cluster',`
++ gen_require(`
++ attribute cluster_domain;
++ attribute cluster_pid;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
++')
++
######################################
## <summary>
## Execute a domain transition to run qdiskd.
-@@ -353,3 +394,21 @@
+@@ -353,3 +416,21 @@
corecmd_search_bin($1)
domtrans_pattern($1, qdiskd_exec_t, qdiskd_t)
')
@@ -19851,17 +19993,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+ allow $1 qdiskd_tmpfs_t:file read_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.8.6/policy/modules/services/rhcs.te
---- nsaserefpolicy/policy/modules/services/rhcs.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rhcs.te 2010-06-21 10:53:58.000000000 -0400
-@@ -13,6 +13,7 @@
+--- nsaserefpolicy/policy/modules/services/rhcs.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rhcs.te 2010-07-09 09:10:06.331135765 +0200
+@@ -13,6 +13,8 @@
gen_tunable(fenced_can_network_connect, false)
attribute cluster_domain;
+attribute cluster_tmpfs;
++attribute cluster_pid;
rhcs_domain_template(dlm_controld)
-@@ -55,17 +56,13 @@
+@@ -55,17 +57,13 @@
init_rw_script_tmp_files(dlm_controld_t)
@@ -19880,7 +20023,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
allow fenced_t self:tcp_socket create_stream_socket_perms;
allow fenced_t self:udp_socket create_socket_perms;
-@@ -82,7 +79,10 @@
+@@ -82,7 +80,10 @@
stream_connect_pattern(fenced_t, groupd_var_run_t, groupd_var_run_t, groupd_t)
@@ -19891,7 +20034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
corenet_tcp_connect_http_port(fenced_t)
-@@ -106,7 +106,6 @@
+@@ -106,7 +107,6 @@
optional_policy(`
ccs_read_config(fenced_t)
@@ -19899,7 +20042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
')
optional_policy(`
-@@ -139,10 +138,6 @@
+@@ -139,10 +139,6 @@
init_rw_script_tmp_files(gfs_controld_t)
optional_policy(`
@@ -19910,7 +20053,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
lvm_exec(gfs_controld_t)
dev_rw_lvm_control(gfs_controld_t)
')
-@@ -168,7 +163,7 @@
+@@ -168,7 +164,7 @@
# qdiskd local policy
#
@@ -19919,7 +20062,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
allow qdiskd_t self:tcp_socket create_stream_socket_perms;
allow qdiskd_t self:udp_socket create_socket_perms;
-@@ -207,10 +202,6 @@
+@@ -207,10 +203,6 @@
auth_use_nsswitch(qdiskd_t)
optional_policy(`
@@ -19930,7 +20073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
netutils_domtrans_ping(qdiskd_t)
')
-@@ -236,5 +227,9 @@
+@@ -236,5 +228,9 @@
miscfiles_read_localization(cluster_domain)
optional_policy(`
@@ -19941,8 +20084,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
corosync_stream_connect(cluster_domain)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-3.8.6/policy/modules/services/ricci.fc
---- nsaserefpolicy/policy/modules/services/ricci.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ricci.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ricci.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ricci.fc 2010-07-09 08:39:39.235147109 +0200
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/ricci -- gen_context(system_u:object_r:ricci_initrc_exec_t,s0)
@@ -19951,8 +20094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
/usr/libexec/ricci-modlog -- gen_context(system_u:object_r:ricci_modlog_exec_t,s0)
/usr/libexec/ricci-modrpm -- gen_context(system_u:object_r:ricci_modrpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.8.6/policy/modules/services/ricci.if
---- nsaserefpolicy/policy/modules/services/ricci.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ricci.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ricci.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ricci.if 2010-07-09 08:39:39.236135030 +0200
@@ -18,6 +18,24 @@
domtrans_pattern($1, ricci_exec_t, ricci_t)
')
@@ -20027,8 +20170,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
+ admin_pattern($1, ricci_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.8.6/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ricci.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ricci.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ricci.te 2010-07-09 08:39:39.237135733 +0200
@@ -10,6 +10,9 @@
domain_type(ricci_t)
init_daemon_domain(ricci_t, ricci_exec_t)
@@ -20053,8 +20196,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
term_dontaudit_use_console(ricci_modstorage_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.8.6/policy/modules/services/rlogin.fc
---- nsaserefpolicy/policy/modules/services/rlogin.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rlogin.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rlogin.fc 2010-07-09 08:39:39.238146981 +0200
@@ -1,4 +1,7 @@
HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0)
+HOME_DIR/\.rhosts -- gen_context(system_u:object_r:rlogind_home_t,s0)
@@ -20064,8 +20207,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
/usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.8.6/policy/modules/services/rlogin.te
---- nsaserefpolicy/policy/modules/services/rlogin.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rlogin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rlogin.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rlogin.te 2010-07-09 08:39:39.239146985 +0200
@@ -88,6 +88,7 @@
userdom_setattr_user_ptys(rlogind_t)
# cjp: this is egregious
@@ -20075,8 +20218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
remotelogin_domtrans(rlogind_t)
remotelogin_signal(rlogind_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.8.6/policy/modules/services/rpcbind.if
---- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/rpcbind.if 2010-06-25 13:17:49.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rpcbind.if 2010-07-09 08:39:39.240135395 +0200
@@ -141,7 +141,7 @@
allow $1 rpcbind_t:process { ptrace signal_perms };
ps_process_pattern($1, rpcbind_t)
@@ -20087,8 +20230,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
role_transition $2 rpcbind_initrc_exec_t system_r;
allow $2 system_r;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.8.6/policy/modules/services/rpcbind.te
---- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rpcbind.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rpcbind.te 2010-07-09 08:39:39.241152580 +0200
@@ -71,3 +71,7 @@
ifdef(`hide_broken_symptoms',`
dontaudit rpcbind_t self:udp_socket listen;
@@ -20098,8 +20241,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+ nis_use_ypbind(rpcbind_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.8.6/policy/modules/services/rpc.if
---- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-06 15:15:38.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rpc.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpc.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rpc.if 2010-07-09 08:39:39.243135337 +0200
@@ -246,6 +246,26 @@
allow rpcd_t $1:process signal;
')
@@ -20134,8 +20277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
+ allow $1 var_lib_nfs_t:file { relabelfrom relabelto };
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.8.6/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rpc.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpc.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rpc.te 2010-07-09 08:39:39.244135131 +0200
@@ -97,15 +97,26 @@
seutil_dontaudit_search_config(rpcd_t)
@@ -20181,8 +20324,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.8.6/policy/modules/services/rsync.if
---- nsaserefpolicy/policy/modules/services/rsync.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/rsync.if 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rsync.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rsync.if 2010-07-09 08:39:39.245135205 +0200
@@ -119,7 +119,7 @@
type rsync_etc_t;
')
@@ -20244,8 +20387,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+ files_etc_filetrans($1, rsync_etc_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.8.6/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rsync.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rsync.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rsync.te 2010-07-09 08:39:39.246135139 +0200
@@ -7,6 +7,13 @@
## <desc>
@@ -20306,8 +20449,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+
auth_can_read_shadow_passwords(rsync_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.8.6/policy/modules/services/rtkit.if
---- nsaserefpolicy/policy/modules/services/rtkit.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/rtkit.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rtkit.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/rtkit.if 2010-07-09 08:39:39.247135142 +0200
@@ -41,6 +41,27 @@
########################################
@@ -20337,8 +20480,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.8.6/policy/modules/services/samba.fc
---- nsaserefpolicy/policy/modules/services/samba.fc 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/samba.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/samba.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/samba.fc 2010-07-09 08:39:39.247135142 +0200
@@ -51,3 +51,7 @@
/var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
@@ -20348,8 +20491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.8.6/policy/modules/services/samba.if
---- nsaserefpolicy/policy/modules/services/samba.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/samba.if 2010-06-25 13:21:13.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/samba.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/samba.if 2010-07-09 08:39:39.249135080 +0200
@@ -79,6 +79,25 @@
########################################
@@ -20525,8 +20668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ admin_pattern($1, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.8.6/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/samba.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/samba.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/samba.te 2010-07-09 08:39:39.251135228 +0200
@@ -152,9 +152,6 @@
type winbind_log_t;
logging_log_file(winbind_log_t)
@@ -20660,8 +20803,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.8.6/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sasl.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sasl.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sasl.te 2010-07-09 08:39:39.252134813 +0200
@@ -49,6 +49,9 @@
kernel_read_kernel_sysctls(saslauthd_t)
kernel_read_system_state(saslauthd_t)
@@ -20673,8 +20816,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
corenet_all_recvfrom_netlabel(saslauthd_t)
corenet_tcp_sendrecv_generic_if(saslauthd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.fc serefpolicy-3.8.6/policy/modules/services/sendmail.fc
---- nsaserefpolicy/policy/modules/services/sendmail.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sendmail.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sendmail.fc 2010-07-09 08:39:39.253146899 +0200
@@ -1,4 +1,6 @@
+/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
@@ -20683,8 +20826,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.8.6/policy/modules/services/sendmail.if
---- nsaserefpolicy/policy/modules/services/sendmail.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sendmail.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sendmail.if 2010-07-09 08:39:39.254140268 +0200
@@ -57,6 +57,24 @@
allow sendmail_t $1:process sigchld;
')
@@ -20762,8 +20905,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ admin_pattern($1, mail_spool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.8.6/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sendmail.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sendmail.te 2010-07-09 08:39:39.255146907 +0200
@@ -19,6 +19,9 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -20827,8 +20970,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ unconfined_domain_noaudit(unconfined_sendmail_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if
---- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if 2010-06-25 13:20:38.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.if 2010-07-09 08:39:39.256135247 +0200
@@ -105,6 +105,25 @@
########################################
@@ -20874,8 +21017,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
files_list_var_lib($1)
admin_pattern($1, setroubleshoot_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/setroubleshoot.te 2010-07-09 08:39:39.258135045 +0200
@@ -32,6 +32,8 @@
allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
@@ -20928,8 +21071,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
rpm_signull(setroubleshoot_fixit_t)
rpm_read_db(setroubleshoot_fixit_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.8.6/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/smartmon.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/smartmon.te 2010-07-09 08:39:39.258135045 +0200
@@ -82,6 +82,8 @@
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
@@ -20940,8 +21083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
term_dontaudit_search_ptys(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.8.6/policy/modules/services/smokeping.te
---- nsaserefpolicy/policy/modules/services/smokeping.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/smokeping.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/smokeping.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/smokeping.te 2010-07-09 08:39:39.259135049 +0200
@@ -23,6 +23,7 @@
# smokeping local policy
#
@@ -20959,8 +21102,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
logging_send_syslog_msg(smokeping_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.8.6/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/snmp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/snmp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/snmp.te 2010-07-09 08:39:39.260135262 +0200
@@ -24,7 +24,7 @@
#
# Local policy
@@ -20979,8 +21122,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
auth_use_nsswitch(snmpd_t)
auth_read_all_dirs_except_shadow(snmpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.8.6/policy/modules/services/snort.te
---- nsaserefpolicy/policy/modules/services/snort.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/snort.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/snort.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/snort.te 2010-07-09 08:39:39.262135270 +0200
@@ -61,6 +61,7 @@
kernel_read_proc_symlinks(snort_t)
kernel_request_load_module(snort_t)
@@ -20998,8 +21141,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
# Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
dev_rw_generic_usb_dev(snort_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.8.6/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.fc 2010-07-09 08:39:39.263135134 +0200
@@ -1,15 +1,26 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -21030,8 +21173,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.8.6/policy/modules/services/spamassassin.if
---- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.if 2010-06-25 13:21:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.if 2010-07-09 08:39:39.264135138 +0200
@@ -111,6 +111,45 @@
')
@@ -21159,8 +21302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+ admin_pattern($1, spamd_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.8.6/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/spamassassin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/spamassassin.te 2010-07-09 08:39:39.266135216 +0200
@@ -19,6 +19,35 @@
## </desc>
gen_tunable(spamd_enable_home_dirs, true)
@@ -21477,8 +21620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
udev_read_db(spamd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.8.6/policy/modules/services/ssh.fc
---- nsaserefpolicy/policy/modules/services/ssh.fc 2010-01-18 15:04:31.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/ssh.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ssh.fc 2010-07-09 08:39:39.267147092 +0200
@@ -1,4 +1,9 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
@@ -21497,8 +21640,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
+/root/\.shosts gen_context(system_u:object_r:home_ssh_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.8.6/policy/modules/services/ssh.if
---- nsaserefpolicy/policy/modules/services/ssh.if 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ssh.if 2010-06-25 16:21:14.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ssh.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ssh.if 2010-07-09 08:39:39.269135297 +0200
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -21656,8 +21799,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
## <summary>
## Execute the ssh client in the caller domain.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.8.6/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ssh.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ssh.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ssh.te 2010-07-09 08:39:39.270135231 +0200
@@ -33,13 +33,12 @@
ssh_server_template(sshd)
init_daemon_domain(sshd_t, sshd_exec_t)
@@ -21812,8 +21955,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.8.6/policy/modules/services/sssd.te
---- nsaserefpolicy/policy/modules/services/sssd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sssd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sssd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sssd.te 2010-07-09 08:39:39.271146968 +0200
@@ -31,6 +31,7 @@
allow sssd_t self:capability { dac_read_search dac_override kill sys_nice setgid setuid };
allow sssd_t self:process { setfscreate setsched sigkill signal getsched };
@@ -21832,8 +21975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
dbus_system_bus_client(sssd_t)
dbus_connect_system_bus(sssd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.8.6/policy/modules/services/sysstat.te
---- nsaserefpolicy/policy/modules/services/sysstat.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/sysstat.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sysstat.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/sysstat.te 2010-07-09 08:39:39.272135029 +0200
@@ -68,3 +68,8 @@
optional_policy(`
logging_send_syslog_msg(sysstat_t)
@@ -21844,8 +21987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.8.6/policy/modules/services/tftp.if
---- nsaserefpolicy/policy/modules/services/tftp.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/tftp.if 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tftp.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/tftp.if 2010-07-09 08:39:39.273135312 +0200
@@ -20,6 +20,25 @@
########################################
@@ -21910,8 +22053,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
## an tftp environment
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.8.6/policy/modules/services/tftp.te
---- nsaserefpolicy/policy/modules/services/tftp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/tftp.te 2010-06-22 15:20:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tftp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/tftp.te 2010-07-09 08:39:39.274135107 +0200
@@ -94,6 +94,10 @@
')
@@ -21924,8 +22067,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.te serefpolicy-3.8.6/policy/modules/services/tgtd.te
---- nsaserefpolicy/policy/modules/services/tgtd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/tgtd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tgtd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/tgtd.te 2010-07-09 08:39:39.275135180 +0200
@@ -59,8 +59,12 @@
files_read_etc_files(tgtd_t)
@@ -21940,8 +22083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
+
+iscsi_manage_semaphores(tgtd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.8.6/policy/modules/services/tor.te
---- nsaserefpolicy/policy/modules/services/tor.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/tor.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tor.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/tor.te 2010-07-09 08:39:39.276152156 +0200
@@ -100,6 +100,8 @@
auth_use_nsswitch(tor_t)
@@ -21952,8 +22095,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
tunable_policy(`tor_bind_all_unreserved_ports', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.8.6/policy/modules/services/tuned.te
---- nsaserefpolicy/policy/modules/services/tuned.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/tuned.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/tuned.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/tuned.te 2010-07-09 08:39:39.277152439 +0200
@@ -24,6 +24,7 @@
#
@@ -21974,8 +22117,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
optional_policy(`
sysnet_domtrans_ifconfig(tuned_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.8.6/policy/modules/services/ucspitcp.te
---- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/ucspitcp.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/ucspitcp.te 2010-07-09 08:39:39.278147205 +0200
@@ -91,3 +91,8 @@
daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
daemontools_read_svc(ucspitcp_t)
@@ -21986,16 +22129,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc
---- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-05 14:44:26.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/usbmuxd.fc 2010-07-09 08:39:39.279135195 +0200
@@ -1,3 +1,3 @@
/usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
-/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
+/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.8.6/policy/modules/services/varnishd.if
---- nsaserefpolicy/policy/modules/services/varnishd.if 2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/varnishd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/varnishd.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/varnishd.if 2010-07-09 08:39:39.280135200 +0200
@@ -56,6 +56,25 @@
read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
')
@@ -22023,8 +22166,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn
## <summary>
## Read varnish logs.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.8.6/policy/modules/services/vhostmd.if
---- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-03-29 15:04:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/vhostmd.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/vhostmd.if 2010-07-09 08:39:39.281135343 +0200
@@ -42,7 +42,7 @@
## </summary>
## <param name="domain">
@@ -22035,8 +22178,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
## </param>
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.8.6/policy/modules/services/vhostmd.te
---- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/vhostmd.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/vhostmd.te 2010-07-09 08:39:39.282134998 +0200
@@ -44,6 +44,8 @@
corenet_tcp_connect_soundd_port(vhostmd_t)
@@ -22047,8 +22190,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
files_read_usr_files(vhostmd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.8.6/policy/modules/services/virt.fc
---- nsaserefpolicy/policy/modules/services/virt.fc 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/virt.fc 2010-06-22 09:25:07.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/virt.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/virt.fc 2010-07-09 08:39:39.283135141 +0200
@@ -13,17 +13,18 @@
/etc/xen/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
@@ -22072,8 +22215,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.8.6/policy/modules/services/virt.if
---- nsaserefpolicy/policy/modules/services/virt.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/virt.if 2010-06-28 17:16:24.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/virt.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/virt.if 2010-07-09 08:39:39.284135075 +0200
@@ -21,6 +21,7 @@
type $1_t, virt_domain;
domain_type($1_t)
@@ -22219,8 +22362,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.8.6/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/virt.te 2010-06-28 17:20:07.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/virt.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/virt.te 2010-07-09 08:39:39.286135223 +0200
@@ -4,6 +4,7 @@
#
# Declarations
@@ -22588,8 +22731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.8.6/policy/modules/services/w3c.te
---- nsaserefpolicy/policy/modules/services/w3c.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/w3c.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/w3c.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/w3c.te 2010-07-09 08:39:39.287135575 +0200
@@ -7,11 +7,18 @@
apache_content_template(w3c_validator)
@@ -22616,8 +22759,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+
+apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.8.6/policy/modules/services/xserver.fc
---- nsaserefpolicy/policy/modules/services/xserver.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/xserver.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/xserver.fc 2010-07-09 08:39:39.288135230 +0200
@@ -2,13 +2,23 @@
# HOME_DIR
#
@@ -22740,8 +22883,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.8.6/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/xserver.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/xserver.if 2010-07-09 08:39:39.291134892 +0200
@@ -19,9 +19,10 @@
interface(`xserver_restricted_role',`
gen_require(`
@@ -23340,8 +23483,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.8.6/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/xserver.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/xserver.te 2010-07-09 08:39:39.295134978 +0200
@@ -35,6 +35,13 @@
## <desc>
@@ -24233,8 +24376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ fs_append_cifs_files(xdmhomewriter)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.8.6/policy/modules/services/zabbix.te
---- nsaserefpolicy/policy/modules/services/zabbix.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/services/zabbix.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/zabbix.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/services/zabbix.te 2010-07-09 08:39:39.296135191 +0200
@@ -12,11 +12,9 @@
type zabbix_initrc_exec_t;
init_script_file(zabbix_initrc_exec_t)
@@ -24248,8 +24391,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
files_pid_file(zabbix_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.fc serefpolicy-3.8.6/policy/modules/services/zarafa.fc
---- nsaserefpolicy/policy/modules/services/zarafa.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/zarafa.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/zarafa.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/zarafa.fc 2010-07-09 08:39:39.297135265 +0200
@@ -0,0 +1,27 @@
+
+/etc/zarafa(/.*)? gen_context(system_u:object_r:zarafa_etc_t,s0)
@@ -24279,8 +24422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+/var/run/zarafa-ical\.pid -- gen_context(system_u:object_r:zarafa_ical_var_run_t,s0)
+/var/run/zarafa-monitor\.pid -- gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.if serefpolicy-3.8.6/policy/modules/services/zarafa.if
---- nsaserefpolicy/policy/modules/services/zarafa.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/zarafa.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/zarafa.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/zarafa.if 2010-07-09 08:39:39.298135129 +0200
@@ -0,0 +1,105 @@
+
+## <summary>policy for zarafa services</summary>
@@ -24388,8 +24531,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+ stream_connect_pattern($1, zarafa_server_t, zarafa_server_var_run_t, zarafa_server_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.te serefpolicy-3.8.6/policy/modules/services/zarafa.te
---- nsaserefpolicy/policy/modules/services/zarafa.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/services/zarafa.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/zarafa.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/services/zarafa.te 2010-07-09 08:39:39.299135203 +0200
@@ -0,0 +1,133 @@
+policy_module(zarafa, 1.0.0)
+
@@ -24525,8 +24668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+ apache_content_template(zarafa)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.8.6/policy/modules/system/application.te
---- nsaserefpolicy/policy/modules/system/application.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/application.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/application.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/application.te 2010-07-09 08:39:39.300135416 +0200
@@ -6,6 +6,22 @@
# Executables to be run by user
attribute application_exec_type;
@@ -24551,8 +24694,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.8.6/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/authlogin.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/authlogin.fc 2010-07-09 08:39:39.301135210 +0200
@@ -10,6 +10,7 @@
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
@@ -24562,8 +24705,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
ifdef(`distro_suse', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.8.6/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/authlogin.if 2010-06-25 14:22:53.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/authlogin.if 2010-07-09 08:39:39.302135144 +0200
@@ -91,9 +91,12 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -24686,8 +24829,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.8.6/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/authlogin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/authlogin.te 2010-07-09 08:39:39.304135222 +0200
@@ -8,6 +8,7 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -24709,8 +24852,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+ userdom_relabelto_user_home_files(polydomain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.8.6/policy/modules/system/daemontools.if
---- nsaserefpolicy/policy/modules/system/daemontools.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/daemontools.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/daemontools.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/daemontools.if 2010-07-09 08:39:39.305135296 +0200
@@ -71,6 +71,32 @@
domtrans_pattern($1, svc_start_exec_t, svc_start_t)
')
@@ -24792,8 +24935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
+ allow $1 svc_run_t:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.8.6/policy/modules/system/daemontools.te
---- nsaserefpolicy/policy/modules/system/daemontools.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/daemontools.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/daemontools.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/daemontools.te 2010-07-09 08:39:39.306135299 +0200
@@ -38,7 +38,10 @@
# multilog creates /service/*/log/status
manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
@@ -24867,8 +25010,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
daemontools_domtrans_run(svc_start_t)
daemontools_manage_svc(svc_start_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.8.6/policy/modules/system/fstools.fc
---- nsaserefpolicy/policy/modules/system/fstools.fc 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/fstools.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/fstools.fc 2010-07-09 08:39:39.307135233 +0200
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -24883,8 +25026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.8.6/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/fstools.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/fstools.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/fstools.te 2010-07-09 08:39:39.308135237 +0200
@@ -117,6 +117,8 @@
fs_search_tmpfs(fsadm_t)
fs_getattr_tmpfs_dirs(fsadm_t)
@@ -24919,8 +25062,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.8.6/policy/modules/system/getty.te
---- nsaserefpolicy/policy/modules/system/getty.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/getty.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/getty.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/getty.te 2010-07-09 08:39:39.309135381 +0200
@@ -83,7 +83,7 @@
term_setattr_all_ttys(getty_t)
term_setattr_unallocated_ttys(getty_t)
@@ -24931,8 +25074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
auth_rw_login_records(getty_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.8.6/policy/modules/system/hostname.te
---- nsaserefpolicy/policy/modules/system/hostname.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/hostname.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/hostname.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/hostname.te 2010-07-09 08:39:39.310135454 +0200
@@ -26,15 +26,18 @@
dev_read_sysfs(hostname_t)
@@ -24964,8 +25107,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
xen_dontaudit_use_fds(hostname_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.8.6/policy/modules/system/hotplug.te
---- nsaserefpolicy/policy/modules/system/hotplug.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/hotplug.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/hotplug.te 2010-07-09 08:39:39.311135458 +0200
@@ -23,7 +23,7 @@
#
@@ -24984,8 +25127,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
kernel_read_net_sysctls(hotplug_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.8.6/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/init.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/init.fc 2010-07-09 08:39:39.312135183 +0200
@@ -44,6 +44,9 @@
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -24997,8 +25140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
#
# /var
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.8.6/policy/modules/system/init.if
---- nsaserefpolicy/policy/modules/system/init.if 2010-03-18 10:35:11.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/init.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/init.if 2010-07-09 08:39:39.314135330 +0200
@@ -193,8 +193,10 @@
gen_require(`
attribute direct_run_init, direct_init, direct_init_entry;
@@ -25261,8 +25404,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.8.6/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/init.te 2010-06-22 10:17:42.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/init.te 2010-07-09 08:39:39.317135062 +0200
@@ -16,6 +16,27 @@
## </desc>
gen_tunable(init_upstart, false)
@@ -25721,8 +25864,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+ allow daemon init_t:socket_class_set { getopt read getattr ioctl setopt write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.8.6/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/ipsec.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/ipsec.fc 2010-07-09 08:39:39.318146869 +0200
@@ -25,6 +25,7 @@
/usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -25732,8 +25875,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.8.6/policy/modules/system/ipsec.if
---- nsaserefpolicy/policy/modules/system/ipsec.if 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/ipsec.if 2010-06-25 14:16:53.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/ipsec.if 2010-07-09 08:39:39.319139051 +0200
@@ -20,6 +20,24 @@
########################################
@@ -25822,8 +25965,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.8.6/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/ipsec.te 2010-06-28 12:57:18.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/ipsec.te 2010-07-09 08:39:39.321135217 +0200
@@ -72,7 +72,7 @@
#
@@ -25958,28 +26101,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
userdom_use_user_terminals(setkey_t)
+userdom_read_user_tmp_files(setkey_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.8.6/policy/modules/system/iptables.fc
---- nsaserefpolicy/policy/modules/system/iptables.fc 2010-02-12 16:41:05.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/iptables.fc 2010-06-21 10:53:58.000000000 -0400
-@@ -1,12 +1,14 @@
+--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/iptables.fc 2010-07-09 17:14:51.394143904 +0200
+@@ -1,12 +1,19 @@
/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
-/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
++/etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ebtables -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ebtables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
++
+/sbin/ipvsadm -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
++
/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/iptables -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/iptables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.8.6/policy/modules/system/iptables.if
---- nsaserefpolicy/policy/modules/system/iptables.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/iptables.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iptables.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/iptables.if 2010-07-09 08:39:39.323135155 +0200
@@ -17,6 +17,10 @@
corecmd_search_bin($1)
@@ -25992,8 +26140,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.8.6/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/iptables.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iptables.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/iptables.te 2010-07-09 16:52:07.942133987 +0200
@@ -13,9 +13,6 @@
type iptables_initrc_exec_t;
init_script_file(iptables_initrc_exec_t)
@@ -26022,12 +26170,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)
files_pid_filetrans(iptables_t, iptables_var_run_t, file)
-@@ -52,10 +51,16 @@
+@@ -52,10 +51,17 @@
kernel_read_modprobe_sysctls(iptables_t)
kernel_use_fds(iptables_t)
+# needed by ipvsadm
+corecmd_exec_bin(iptables_t)
++corecmd_exec_shell(iptables_t)
+
corenet_relabelto_all_packets(iptables_t)
corenet_dontaudit_rw_tun_tap_dev(iptables_t)
@@ -26039,7 +26188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
fs_getattr_xattr_fs(iptables_t)
fs_search_auto_mountpoints(iptables_t)
-@@ -64,11 +69,13 @@
+@@ -64,11 +70,13 @@
mls_file_read_all_levels(iptables_t)
term_dontaudit_use_console(iptables_t)
@@ -26053,7 +26202,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
auth_use_nsswitch(iptables_t)
-@@ -77,6 +84,7 @@
+@@ -77,6 +85,7 @@
# to allow rules to be saved on reboot:
init_rw_script_tmp_files(iptables_t)
init_rw_script_stream_sockets(iptables_t)
@@ -26061,7 +26210,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
logging_send_syslog_msg(iptables_t)
-@@ -90,6 +98,7 @@
+@@ -90,6 +99,7 @@
optional_policy(`
fail2ban_append_log(iptables_t)
@@ -26069,7 +26218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
')
optional_policy(`
-@@ -112,6 +121,7 @@
+@@ -112,6 +122,7 @@
optional_policy(`
psad_rw_tmp_files(iptables_t)
@@ -26078,8 +26227,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.8.6/policy/modules/system/iscsi.if
---- nsaserefpolicy/policy/modules/system/iscsi.if 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/iscsi.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iscsi.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/iscsi.if 2010-07-09 08:39:39.325135023 +0200
@@ -56,3 +56,21 @@
allow $1 iscsi_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
@@ -26103,8 +26252,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+ allow $1 iscsid_t:sem create_sem_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.8.6/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/iscsi.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/iscsi.te 2010-07-09 08:39:39.326135516 +0200
@@ -76,6 +76,8 @@
dev_rw_sysfs(iscsid_t)
@@ -26115,8 +26264,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
domain_use_interactive_fds(iscsid_t)
domain_dontaudit_read_all_domains_state(iscsid_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.8.6/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/libraries.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/libraries.fc 2010-07-09 08:39:39.328135454 +0200
@@ -131,13 +131,13 @@
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -26326,8 +26475,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+/opt/google/picasa/.*\.dll -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/google/picasa/.*\.yti -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.8.6/policy/modules/system/libraries.te
---- nsaserefpolicy/policy/modules/system/libraries.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/libraries.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/libraries.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/libraries.te 2010-07-09 08:39:39.329135388 +0200
@@ -61,7 +61,7 @@
manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
@@ -26365,8 +26514,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
ifdef(`distro_gentoo',`
# leaked fds from portage
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.8.6/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/locallogin.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/locallogin.te 2010-07-09 08:39:39.330135182 +0200
@@ -32,9 +32,8 @@
# Local login local policy
#
@@ -26469,8 +26618,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
- nscd_socket_use(sulogin_t)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.8.6/policy/modules/system/logging.fc
---- nsaserefpolicy/policy/modules/system/logging.fc 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/logging.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/logging.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/logging.fc 2010-07-09 08:39:39.331135256 +0200
@@ -17,6 +17,10 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
@@ -26510,8 +26659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.8.6/policy/modules/system/logging.if
---- nsaserefpolicy/policy/modules/system/logging.if 2010-03-18 06:48:09.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/logging.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/logging.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/logging.if 2010-07-09 08:39:39.332135399 +0200
@@ -545,6 +545,25 @@
########################################
@@ -26584,8 +26733,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.8.6/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/logging.te 2010-06-25 15:35:40.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/logging.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/logging.te 2010-07-09 08:39:39.334135477 +0200
@@ -60,6 +60,7 @@
type syslogd_t;
type syslogd_exec_t;
@@ -26689,8 +26838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.8.6/policy/modules/system/lvm.fc
---- nsaserefpolicy/policy/modules/system/lvm.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/lvm.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/lvm.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/lvm.fc 2010-07-09 08:39:39.335135201 +0200
@@ -28,10 +28,12 @@
#
/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -26705,8 +26854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/sbin/dmraid -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.8.6/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/lvm.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/lvm.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/lvm.te 2010-07-09 08:39:39.336135205 +0200
@@ -141,6 +141,11 @@
')
@@ -26786,8 +26935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.8.6/policy/modules/system/miscfiles.fc
---- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/miscfiles.fc 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/miscfiles.fc 2010-07-09 08:39:39.337150015 +0200
@@ -75,13 +75,11 @@
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
@@ -26805,8 +26954,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
ifdef(`distro_debian',`
/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.8.6/policy/modules/system/miscfiles.if
---- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-03-09 15:39:06.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/miscfiles.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/miscfiles.if 2010-07-09 08:39:39.338134724 +0200
@@ -305,9 +305,6 @@
allow $1 locale_t:dir list_dir_perms;
read_files_pattern($1, locale_t, locale_t)
@@ -26818,8 +26967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.8.6/policy/modules/system/modutils.if
---- nsaserefpolicy/policy/modules/system/modutils.if 2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/modutils.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/modutils.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/modutils.if 2010-07-09 08:39:39.339147369 +0200
@@ -39,6 +39,26 @@
########################################
@@ -26848,8 +26997,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
## loading modules.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.8.6/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/modutils.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/modutils.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/modutils.te 2010-07-09 08:39:39.341134875 +0200
@@ -18,6 +18,7 @@
type insmod_exec_t;
application_domain(insmod_t, insmod_exec_t)
@@ -26932,8 +27081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
if( ! secure_mode_insmod ) {
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.8.6/policy/modules/system/mount.fc
---- nsaserefpolicy/policy/modules/system/mount.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/mount.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/mount.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/mount.fc 2010-07-09 08:39:39.341134875 +0200
@@ -1,4 +1,10 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -26947,8 +27096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.8.6/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2009-07-29 15:15:33.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/mount.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/mount.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/mount.if 2010-07-09 08:39:39.343135162 +0200
@@ -16,6 +16,14 @@
')
@@ -27147,8 +27296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+ role $2 types showmount_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.8.6/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/mount.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/mount.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/mount.te 2010-07-09 08:39:39.344135166 +0200
@@ -17,8 +17,15 @@
init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
@@ -27433,8 +27582,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
+userdom_use_user_terminals(showmount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.8.6/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/raid.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/raid.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/raid.te 2010-07-09 08:39:39.345135170 +0200
@@ -57,6 +57,7 @@
files_read_etc_files(mdadm_t)
@@ -27444,8 +27593,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc
---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.fc 2010-07-09 08:39:39.346135802 +0200
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -27486,8 +27635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.8.6/policy/modules/system/selinuxutil.if
---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.if 2010-07-09 08:39:39.348135041 +0200
@@ -361,6 +361,27 @@
########################################
@@ -27865,8 +28014,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.8.6/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/selinuxutil.te 2010-07-09 08:39:39.351135193 +0200
@@ -22,6 +22,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -28251,8 +28400,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ unconfined_domain(setfiles_mac_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.8.6/policy/modules/system/setrans.te
---- nsaserefpolicy/policy/modules/system/setrans.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/setrans.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/setrans.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/setrans.te 2010-07-09 08:39:39.352135266 +0200
@@ -12,6 +12,7 @@
type setrans_t;
type setrans_exec_t;
@@ -28262,14 +28411,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
type setrans_initrc_exec_t;
init_script_file(setrans_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.8.6/policy/modules/system/sosreport.fc
---- nsaserefpolicy/policy/modules/system/sosreport.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/sosreport.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/system/sosreport.fc 2010-07-09 08:39:39.352135266 +0200
@@ -0,0 +1,2 @@
+
+/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.8.6/policy/modules/system/sosreport.if
---- nsaserefpolicy/policy/modules/system/sosreport.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/sosreport.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/system/sosreport.if 2010-07-09 08:39:39.353146654 +0200
@@ -0,0 +1,131 @@
+
+## <summary>policy for sosreport</summary>
@@ -28403,8 +28552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ allow $1 sosreport_tmp_t:file append;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.8.6/policy/modules/system/sosreport.te
---- nsaserefpolicy/policy/modules/system/sosreport.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/sosreport.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.8.6/policy/modules/system/sosreport.te 2010-07-09 08:39:39.354146658 +0200
@@ -0,0 +1,154 @@
+policy_module(sosreport,1.0.0)
+
@@ -28561,8 +28710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ unconfined_domain(sosreport_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc
---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.fc 2010-07-09 08:39:39.355146313 +0200
@@ -64,3 +64,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -28570,8 +28719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.8.6/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.if 2010-07-09 08:39:39.357135216 +0200
@@ -60,25 +60,24 @@
netutils_run(dhcpc_t, $2)
netutils_run_ping(dhcpc_t, $2)
@@ -28820,8 +28969,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ role_transition $1 dhcpc_exec_t system_r;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.8.6/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.te 2010-06-25 14:37:50.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/sysnetwork.te 2010-07-09 08:39:39.358135150 +0200
@@ -19,6 +19,9 @@
init_daemon_domain(dhcpc_t, dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -28929,16 +29078,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.8.6/policy/modules/system/udev.fc
---- nsaserefpolicy/policy/modules/system/udev.fc 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/udev.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/udev.fc 2010-07-09 08:39:39.359134804 +0200
@@ -22,3 +22,4 @@
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.8.6/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/udev.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/udev.te 2010-07-09 08:39:39.360135087 +0200
@@ -52,6 +52,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -28981,8 +29130,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.8.6/policy/modules/system/unconfined.fc
---- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-02-22 08:30:53.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/unconfined.fc 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/unconfined.fc 2010-07-09 08:39:39.361135091 +0200
@@ -1,15 +1 @@
# Add programs here which should not be confined by SELinux
-# e.g.:
@@ -29000,8 +29149,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.8.6/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2010-03-01 15:12:54.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/unconfined.if 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/unconfined.if 2010-07-09 08:39:39.363134959 +0200
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -29497,8 +29646,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- allow $1 unconfined_t:dbus acquire_svc;
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.8.6/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/unconfined.te 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/unconfined.te 2010-07-09 08:39:39.364135312 +0200
@@ -4,227 +4,5 @@
#
# Declarations
@@ -29729,8 +29878,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- ')
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.8.6/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/userdomain.fc 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/userdomain.fc 2010-07-09 08:39:39.365135665 +0200
@@ -1,4 +1,14 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -29748,8 +29897,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
+HOME_DIR/\.gvfs(/.*)? <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.8.6/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2010-06-08 10:35:48.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/userdomain.if 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/userdomain.if 2010-07-09 08:39:39.372135413 +0200
@@ -30,8 +30,9 @@
')
@@ -32038,8 +32187,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ dontaudit $1 user_tmp_t:dir search_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.8.6/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/userdomain.te 2010-06-28 11:33:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/userdomain.te 2010-07-09 08:39:39.373153017 +0200
@@ -59,6 +59,15 @@
attribute untrusted_content_type;
attribute untrusted_content_tmp_type;
@@ -32099,8 +32248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+# Nautilus causes this avc
+dontaudit unpriv_userdomain self:dir setattr;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.8.6/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.8.6/policy/modules/system/xen.fc 2010-06-22 09:25:01.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.fc 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/xen.fc 2010-07-09 08:39:39.374135281 +0200
@@ -1,7 +1,5 @@
/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
@@ -32110,8 +32259,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc
ifdef(`distro_debian',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.8.6/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2010-03-23 10:55:15.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/xen.if 2010-06-28 17:17:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.if 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/xen.if 2010-07-09 08:39:39.375147018 +0200
@@ -87,6 +87,26 @@
## </summary>
## </param>
@@ -32151,8 +32300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.8.6/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2010-06-18 13:07:19.000000000 -0400
-+++ serefpolicy-3.8.6/policy/modules/system/xen.te 2010-06-28 17:16:48.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.te 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/modules/system/xen.te 2010-07-09 08:39:39.377134873 +0200
@@ -4,6 +4,7 @@
#
# Declarations
@@ -32289,8 +32438,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
fs_list_auto_mountpoints(xend_t)
files_search_mnt(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.8.6/policy/support/misc_patterns.spt
---- nsaserefpolicy/policy/support/misc_patterns.spt 2010-05-25 16:28:22.000000000 -0400
-+++ serefpolicy-3.8.6/policy/support/misc_patterns.spt 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/support/misc_patterns.spt 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/support/misc_patterns.spt 2010-07-09 08:39:39.378134877 +0200
@@ -15,7 +15,7 @@
domain_transition_pattern($1,$2,$3)
@@ -32315,8 +32464,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.8.6/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-03-04 11:44:07.000000000 -0500
-+++ serefpolicy-3.8.6/policy/support/obj_perm_sets.spt 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/support/obj_perm_sets.spt 2010-07-09 08:39:39.379135090 +0200
@@ -28,7 +28,7 @@
#
# All socket classes.
@@ -32427,8 +32576,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.8.6/policy/users
---- nsaserefpolicy/policy/users 2009-12-18 11:38:25.000000000 -0500
-+++ serefpolicy-3.8.6/policy/users 2010-06-21 10:53:58.000000000 -0400
+--- nsaserefpolicy/policy/users 2010-06-21 16:50:51.000000000 +0200
++++ serefpolicy-3.8.6/policy/users 2010-07-09 08:39:39.380146967 +0200
@@ -15,7 +15,7 @@
# and a user process should never be assigned the system user
# identity.
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8ec1916..1157b73 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.8.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,10 @@ exit 0
%endif
%changelog
+* Fri Jul 9 2010 Miroslav Grepl <mgrepl@redhat.com> 3.8.6-2
+- Add support for ebtables
+- Fixes for rhcs and corosync policy
+
* Tue Jun 22 2010 Dan Walsh <dwalsh@redhat.com> 3.8.6-1
-Update to upstream