diff --git a/modules-mls.conf b/modules-mls.conf
index 89fc9e7..aeefd89 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1327,7 +1327,7 @@ wine = module
#
# X windows window manager
#
-wm = module
+#wm = module
# Layer: admin
# Module: tzdata
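Review bot: Commenting out `wm = module` removes the window-manager module from the MLS build without recording why, and the `# X windows window manager` header above it now describes an entry that no longer exists. If the module is meant to be excluded, an explicit `wm = off` preceded by a one-line reason (for example `# wm disabled for MLS: <reason>`) is easier to grep and audit than a commented-out assignment. It is also worth confirming that the build tooling treats a missing entry the same as `off`, since that is not visible from this hunk.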
diff --git a/policy-20090105.patch b/policy-20090105.patch
index b1b0447..4af6e1b 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -1138,7 +1138,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
java_domtrans_unconfined(rpm_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.2/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/admin/sudo.if 2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/admin/sudo.if 2009-01-13 15:12:44.000000000 -0500
@@ -51,7 +51,7 @@
#
@@ -1202,7 +1202,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg($1_sudo_t)
miscfiles_read_localization($1_sudo_t)
-@@ -114,6 +120,31 @@
+@@ -114,6 +120,35 @@
userdom_manage_user_tmp_files($1_sudo_t)
userdom_manage_user_tmp_symlinks($1_sudo_t)
userdom_use_user_terminals($1_sudo_t)
@@ -1233,6 +1233,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ userdom_use_user_terminals($1_sudo_t)
+ term_relabel_all_user_ttys($1_sudo_t)
+ term_relabel_all_user_ptys($1_sudo_t)
++
++ optional_policy(`
++ dbus_system_bus_client($1_sudo_t)
++ ')
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.2/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-11-11 16:13:49.000000000 -0500
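Review bot: The added `dbus_system_bus_client($1_sudo_t)` block has no comment saying which component needs the system bus, and it applies to every per-role sudo domain the template generates. The lines just above show the same domain already relabels all user ttys and ptys, so each further grant deserves a stated reason. A comment above the `optional_policy` line such as `# <component> contacts the system bus during session setup (see denial/bug <id>)` would let a later reviewer decide whether the access can be narrowed to a specific `*_dbus_chat` interface or dropped. The template starts outside this hunk, so existing D-Bus grants in it cannot be checked from here.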
@@ -2929,8 +2933,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.2/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/apps/openoffice.if 2009-01-05 17:54:58.000000000 -0500
-@@ -0,0 +1,89 @@
++++ serefpolicy-3.6.2/policy/modules/apps/openoffice.if 2009-01-15 08:48:06.000000000 -0500
+@@ -0,0 +1,92 @@
+## Openoffice
+
+#######################################
@@ -3019,6 +3023,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $3 $1_openoffice_t:process { signal sigkill };
+ allow $1_openoffice_t $3:unix_stream_socket connectto;
++ optional_policy(`
++ xserver_common_x_domain_template($1, $1_openoffice_t)
++ ')
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.2/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
@@ -3084,7 +3091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.2/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/apps/podsleuth.te 2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/apps/podsleuth.te 2009-01-15 11:07:09.000000000 -0500
@@ -11,21 +11,58 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -3102,7 +3109,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-
-allow podsleuth_t self:process { signal getsched execheap execmem };
+allow podsleuth_t self:capability { sys_admin sys_rawio };
-+allow podsleuth_t self:process { ptrace signal getsched execheap execmem };
++allow podsleuth_t self:process { ptrace signal getsched execheap execmem execstack };
allow podsleuth_t self:fifo_file rw_file_perms;
allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
+allow podsleuth_t self:sem create_sem_perms;
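Review bot: Adding `execstack` to `allow podsleuth_t self:process { ... }` leaves the domain with `execheap`, `execmem` and `execstack` all granted unconditionally, alongside `ptrace` and the `sys_admin sys_rawio` capabilities on the line above, and nothing records why. Please add a why-comment naming the binary or library that triggered the denial, e.g. `# <library> is marked as needing an executable stack; drop execstack once it is rebuilt`. It is also worth checking whether the requirement comes only from an executable-stack marker on a shared object, which can be fixed in the package rather than granted in policy. The rest of the podsleuth_t rules lie outside this hunk.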
@@ -3992,7 +3999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+xserver_user_x_domain_template(user, wm_t, wm_tmpfs_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc 2009-01-05 17:54:58.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/kernel/corecommands.fc 2009-01-16 09:03:35.000000000 -0500
@@ -130,6 +130,8 @@
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -4002,7 +4009,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /usr
#
-@@ -223,14 +225,15 @@
+@@ -203,6 +205,7 @@
+ /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
++/usr/share/Modules/init(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
+@@ -223,14 +226,15 @@
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
@@ -4020,7 +4035,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
-@@ -293,3 +296,8 @@
+@@ -293,3 +297,8 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -7478,7 +7493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.2/policy/modules/services/afs.fc
--- nsaserefpolicy/policy/modules/services/afs.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/afs.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_script_exec_t,s0)
+/etc/rc\.d/init\.d/afs -- gen_context(system_u:object_r:afs_script_exec_t,s0)
@@ -7502,7 +7517,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.2/policy/modules/services/afs.if
--- nsaserefpolicy/policy/modules/services/afs.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/afs.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.if 2009-01-16 16:06:26.000000000 -0500
@@ -1 +1,110 @@
## Andrew Filesystem server
+
@@ -7616,7 +7631,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.2/policy/modules/services/afs.te
--- nsaserefpolicy/policy/modules/services/afs.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/afs.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/afs.te 2009-01-16 16:06:26.000000000 -0500
@@ -6,6 +6,16 @@
# Declarations
#
@@ -7683,7 +7698,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive afs_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.2/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1,12 +1,13 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -7768,7 +7783,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.2/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.if 2009-01-16 16:06:26.000000000 -0500
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -8302,7 +8317,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.2/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/apache.te 2009-01-13 09:27:31.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/apache.te 2009-01-16 16:06:26.000000000 -0500
@@ -19,6 +19,8 @@
# Declarations
#
@@ -8975,7 +8990,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.2/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/automount.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/automount.te 2009-01-16 16:06:26.000000000 -0500
@@ -71,6 +71,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -9011,7 +9026,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.6.2/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/avahi.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/avahi.if 2009-01-16 16:06:26.000000000 -0500
@@ -21,6 +21,25 @@
########################################
@@ -9065,7 +9080,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.2/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/avahi.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/avahi.te 2009-01-16 16:06:26.000000000 -0500
@@ -33,6 +33,7 @@
allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms;
@@ -9084,7 +9099,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.2/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.fc 2009-01-07 15:44:12.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1,17 +1,22 @@
/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -9118,7 +9133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.2/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.if 2009-01-16 16:06:26.000000000 -0500
@@ -38,6 +38,42 @@
########################################
@@ -9217,7 +9232,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.2/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bind.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bind.te 2009-01-16 16:06:26.000000000 -0500
@@ -169,7 +169,7 @@
')
@@ -9229,7 +9244,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.6.2/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.fc 2009-01-16 16:06:26.000000000 -0500
@@ -15,6 +15,7 @@
/usr/bin/hidd -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
/usr/bin/rfcomm -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
@@ -9240,7 +9255,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/hid2hci -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.6.2/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.if 2009-01-16 16:06:26.000000000 -0500
@@ -173,7 +173,7 @@
interface(`bluetooth_admin',`
gen_require(`
@@ -9262,7 +9277,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.2/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/bluetooth.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/bluetooth.te 2009-01-16 16:06:26.000000000 -0500
@@ -147,10 +147,10 @@
optional_policy(`
cups_dbus_chat(bluetooth_t)
@@ -9278,7 +9293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.2/policy/modules/services/certmaster.fc
--- nsaserefpolicy/policy/modules/services/certmaster.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.fc 2009-01-16 16:06:26.000000000 -0500
@@ -0,0 +1,9 @@
+
+/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
@@ -9291,7 +9306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.6.2/policy/modules/services/certmaster.if
--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.if 2009-01-16 16:06:26.000000000 -0500
@@ -0,0 +1,123 @@
+## policy for certmaster
+
@@ -9418,7 +9433,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.6.2/policy/modules/services/certmaster.te
--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/certmaster.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/certmaster.te 2009-01-16 16:06:26.000000000 -0500
@@ -0,0 +1,79 @@
+policy_module(certmaster,1.0.0)
+
@@ -9501,7 +9516,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive certmaster_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.2/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1,20 +1,22 @@
/etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0)
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -9532,7 +9547,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.2/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.if 2009-01-16 16:06:26.000000000 -0500
@@ -38,6 +38,27 @@
########################################
@@ -9651,7 +9666,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.2/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/clamav.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/clamav.te 2009-01-16 16:06:26.000000000 -0500
@@ -13,7 +13,10 @@
# configuration files
@@ -9743,7 +9758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.2/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1,3 +1,6 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -9753,7 +9768,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.2/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.if 2009-01-16 16:06:26.000000000 -0500
@@ -38,3 +38,24 @@
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
@@ -9781,7 +9796,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.2/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/consolekit.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/consolekit.te 2009-01-16 16:06:26.000000000 -0500
@@ -13,6 +13,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -9864,7 +9879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
+ polkit_domtrans_auth(consolekit_t)
-+ polkit_read_lib(consolekit_t)
++ polkit_read_reload(consolekit_t)
+')
+
+optional_policy(`
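Review bot: Swapping `polkit_read_lib(consolekit_t)` for `polkit_read_reload(consolekit_t)` removes the lib read access at the same time as it adds the new interface, and the definition of `polkit_read_reload` is not visible in this diff. Please confirm that polkit.if in this patch revision defines it, since an undefined interface name would presumably not expand and could break the policy build. If consolekit still reads files covered by the old interface, keep both calls (`polkit_read_lib(consolekit_t)` followed by `polkit_read_reload(consolekit_t)`). A short comment stating which files the reload interface covers would make the intent reviewable.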
@@ -9891,7 +9906,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.2/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/courier.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/courier.te 2009-01-16 16:06:26.000000000 -0500
@@ -10,6 +10,7 @@
type courier_etc_t;
@@ -9902,7 +9917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.2/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.fc 2009-01-16 16:06:26.000000000 -0500
@@ -17,9 +17,9 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -9916,7 +9931,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0)
#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-@@ -41,7 +41,12 @@
+@@ -41,7 +41,11 @@
#/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
/var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0)
@@ -9925,14 +9940,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
-+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_cronjob_var_lib_t,s0)
+
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
+
+/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.2/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.if 2009-01-16 16:06:26.000000000 -0500
@@ -12,6 +12,10 @@
##
#
@@ -10029,7 +10043,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -506,3 +541,83 @@
+@@ -506,3 +541,82 @@
dontaudit $1 system_cronjob_tmp_t:file append;
')
@@ -10110,12 +10124,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ type crond_var_run_t;
+ ')
+
-+
+ manage_files_pattern($1, crond_var_run_t, crond_var_run_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.2/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cron.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cron.te 2009-01-16 16:06:26.000000000 -0500
@@ -38,6 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -10373,7 +10386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow cronjob_t self:unix_stream_socket create_stream_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.2/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/cups.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.fc 2009-01-16 16:06:26.000000000 -0500
@@ -5,27 +5,38 @@
/etc/cups/classes\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/cupsd\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -10449,7 +10462,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.2/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cups.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.if 2009-01-16 16:06:26.000000000 -0500
@@ -20,6 +20,30 @@
########################################
@@ -10576,7 +10589,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.2/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cups.te 2009-01-12 11:25:36.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cups.te 2009-01-16 16:06:26.000000000 -0500
@@ -20,9 +20,18 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -10983,7 +10996,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.2/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/cvs.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cvs.te 2009-01-16 16:06:26.000000000 -0500
@@ -112,4 +112,5 @@
read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -10992,7 +11005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.6.2/policy/modules/services/cyphesis.fc
--- nsaserefpolicy/policy/modules/services/cyphesis.fc 2008-09-03 11:05:02.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/cyphesis.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/cyphesis.fc 2009-01-16 16:06:26.000000000 -0500
@@ -1 +1,6 @@
/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0)
+
@@ -11002,7 +11015,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.2/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.fc 2009-01-16 16:06:26.000000000 -0500
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -11015,7 +11028,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.2/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.if 2009-01-16 16:06:26.000000000 -0500
@@ -44,6 +44,7 @@
attribute session_bus_type;
@@ -11193,7 +11206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.2/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dbus.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dbus.te 2009-01-16 16:06:26.000000000 -0500
@@ -9,14 +9,15 @@
#
# Delcarations
@@ -11321,7 +11334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.2/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dcc.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dcc.te 2009-01-16 16:06:26.000000000 -0500
@@ -137,6 +137,7 @@
corenet_all_recvfrom_unlabeled(dcc_client_t)
@@ -11332,7 +11345,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_udp_sendrecv_all_ports(dcc_client_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.2/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dhcp.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dhcp.if 2009-01-16 16:06:26.000000000 -0500
@@ -22,6 +22,25 @@
########################################
@@ -11361,7 +11374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.2/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-11-18 18:57:21.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.if 2009-01-16 16:06:26.000000000 -0500
@@ -22,6 +22,25 @@
########################################
@@ -11462,7 +11475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.2/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dnsmasq.te 2009-01-16 16:06:26.000000000 -0500
@@ -69,21 +69,22 @@
# allow access to dnsmasq.conf
@@ -11491,7 +11504,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.2/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.fc 2009-01-16 16:06:26.000000000 -0500
@@ -6,6 +6,7 @@
/etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0)
@@ -11527,7 +11540,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.2/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.if 2009-01-16 16:06:26.000000000 -0500
@@ -21,7 +21,46 @@
########################################
@@ -11639,7 +11652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.2/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/dovecot.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/dovecot.te 2009-01-16 16:06:26.000000000 -0500
@@ -15,12 +15,21 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -11820,7 +11833,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.6.2/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/exim.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/exim.if 2009-01-16 16:06:26.000000000 -0500
@@ -97,6 +97,26 @@
########################################
@@ -11874,7 +11887,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.2/policy/modules/services/exim.te
--- nsaserefpolicy/policy/modules/services/exim.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/exim.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/exim.te 2009-01-16 16:06:26.000000000 -0500
@@ -21,9 +21,20 @@
##
gen_tunable(exim_manage_user_files, false)
@@ -12031,7 +12044,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.2/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ftp.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ftp.te 2009-01-16 16:06:27.000000000 -0500
@@ -160,6 +160,7 @@
fs_search_auto_mountpoints(ftpd_t)
@@ -12079,14 +12092,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.2/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,69 @@
+
+## policy for gnomeclock
@@ -12159,7 +12172,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.2/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/gnomeclock.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,50 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -12208,12 +12221,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
+ polkit_domtrans_auth(gnomeclock_t)
-+ polkit_read_lib(gnomeclock_t)
++ polkit_read_reload(gnomeclock_t)
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.2/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.fc 2009-01-16 16:06:27.000000000 -0500
@@ -5,6 +5,7 @@
/usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0)
@@ -12224,7 +12237,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.2/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.if 2009-01-16 16:06:27.000000000 -0500
@@ -51,10 +51,7 @@
type hald_t;
')
@@ -12239,7 +12252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.2/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/hal.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/hal.te 2009-01-16 16:06:27.000000000 -0500
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -12287,7 +12300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
+ polkit_domtrans_auth(hald_t)
+ polkit_domtrans_resolve(hald_t)
-+ polkit_read_lib(hald_t)
++ polkit_read_reload(hald_t)
+')
+
+optional_policy(`
@@ -12335,7 +12348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ polkit_domtrans_auth(hald_acl_t)
-+ polkit_read_lib(hald_acl_t)
++ polkit_read_reload(hald_acl_t)
+')
+
########################################
@@ -12400,7 +12413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive hald_dccm_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.2/policy/modules/services/ifplugd.fc
--- nsaserefpolicy/policy/modules/services/ifplugd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,9 @@
+
+/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
@@ -12413,7 +12426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.2/policy/modules/services/ifplugd.if
--- nsaserefpolicy/policy/modules/services/ifplugd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,194 @@
+## policy for ifplugd
+
@@ -12611,7 +12624,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.2/policy/modules/services/ifplugd.te
--- nsaserefpolicy/policy/modules/services/ifplugd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ifplugd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ifplugd.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,89 @@
+policy_module(ifplugd,1.0.0)
+
@@ -12704,7 +12717,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.2/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/kerberos.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerberos.fc 2009-01-16 16:06:27.000000000 -0500
@@ -21,6 +21,7 @@
/var/kerberos/krb5kdc/from_master.* gen_context(system_u:object_r:krb5kdc_lock_t,s0)
/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -12715,7 +12728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.2/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerberos.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerberos.te 2009-01-16 16:06:27.000000000 -0500
@@ -290,6 +290,7 @@
corenet_tcp_sendrecv_all_nodes(kpropd_t)
corenet_tcp_sendrecv_all_ports(kpropd_t)
@@ -12726,7 +12739,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.2/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerneloops.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerneloops.if 2009-01-16 16:06:27.000000000 -0500
@@ -63,6 +63,25 @@
########################################
@@ -12771,7 +12784,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.2/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/kerneloops.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/kerneloops.te 2009-01-16 16:06:27.000000000 -0500
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -12794,7 +12807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Init script handling
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.6.2/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ldap.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ldap.te 2009-01-16 16:06:27.000000000 -0500
@@ -117,7 +117,11 @@
userdom_dontaudit_search_user_home_dirs(slapd_t)
@@ -12810,7 +12823,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.2/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.fc 2009-01-16 16:06:27.000000000 -0500
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
@@ -12818,7 +12831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.2/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.if 2009-01-16 16:06:27.000000000 -0500
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -12868,7 +12881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.2/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailman.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailman.te 2009-01-16 16:06:27.000000000 -0500
@@ -53,10 +53,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -12929,13 +12942,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.6.2/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,2 @@
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.6.2/policy/modules/services/mailscanner.if
--- nsaserefpolicy/policy/modules/services/mailscanner.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,59 @@
+## Anti-Virus and Anti-Spam Filter
+
@@ -12998,7 +13011,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.6.2/policy/modules/services/mailscanner.te
--- nsaserefpolicy/policy/modules/services/mailscanner.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mailscanner.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mailscanner.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,5 @@
+
+policy_module(mailscanner, 1.0.0)
@@ -13007,7 +13020,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+files_type(mailscanner_spool_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.2/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/mta.fc 2009-01-08 13:25:41.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,4 +1,4 @@
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13038,7 +13051,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.2/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mta.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.if 2009-01-16 16:06:27.000000000 -0500
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -13077,6 +13090,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
')
+@@ -591,8 +603,8 @@
+
+ files_search_spool($1)
+ allow $1 mail_spool_t:dir list_dir_perms;
+- allow $1 mail_spool_t:lnk_file read;
+- allow $1 mail_spool_t:file getattr;
++ getattr_files_pattern($1, mail_spool_t, mail_spool_t)
++ read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+ ')
+
+ ########################################
@@ -612,7 +624,7 @@
')
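Review bot: The two pattern macros added here grant slightly more than the `allow` rules they replace. In the reference policy support macros, `read_lnk_files_pattern` expands to `read_lnk_file_perms`, which adds getattr on the symlink to the old read. Both macros also add directory search on `mail_spool_t`, which the `list_dir_perms` rule just above already covers. The widening is small, but it is worth a line in the interface body such as `# patterns also allow getattr on mail_spool_t symlinks`. The interface's own header and summary are outside this hunk, so check that its description still matches what it now allows.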
@@ -13097,7 +13121,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.2/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/mta.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/mta.te 2009-01-16 16:06:27.000000000 -0500
@@ -47,34 +47,48 @@
#
@@ -13241,7 +13265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# User send mail local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.2/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/munin.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -13261,7 +13285,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.2/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/munin.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.if 2009-01-16 16:06:27.000000000 -0500
@@ -80,3 +80,76 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
@@ -13341,7 +13365,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.2/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/munin.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/munin.te 2009-01-16 16:06:27.000000000 -0500
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -13478,7 +13502,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.2/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -13505,7 +13529,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.2/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.if 2009-01-16 16:06:27.000000000 -0500
@@ -44,7 +44,7 @@
########################################
@@ -13627,7 +13651,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.2/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nagios.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nagios.te 2009-01-16 16:06:27.000000000 -0500
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -13725,7 +13749,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.2/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,8 +1,12 @@
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
+
@@ -13746,7 +13770,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.2/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.if 2009-01-16 16:06:27.000000000 -0500
@@ -118,6 +118,24 @@
########################################
@@ -13774,7 +13798,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.2/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/networkmanager.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/networkmanager.te 2009-01-16 16:06:27.000000000 -0500
@@ -33,9 +33,9 @@
# networkmanager will ptrace itself if gdb is installed
@@ -13948,7 +13972,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
+ polkit_domtrans_auth(NetworkManager_t)
-+ polkit_read_lib(NetworkManager_t)
++ polkit_read_reload(NetworkManager_t)
')
optional_policy(`
@@ -13980,7 +14004,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.2/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nis.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,9 +1,13 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -13998,7 +14022,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.2/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nis.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.if 2009-01-16 16:06:27.000000000 -0500
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -14152,7 +14176,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.2/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nis.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nis.te 2009-01-16 16:06:27.000000000 -0500
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -14229,7 +14253,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_all_ports(ypxfr_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.2/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
@@ -14237,7 +14261,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.2/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.if 2009-01-16 16:06:27.000000000 -0500
@@ -58,6 +58,42 @@
########################################
@@ -14362,7 +14386,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.2/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nscd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nscd.te 2009-01-16 16:06:27.000000000 -0500
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -14461,7 +14485,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.2/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/ntp.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ntp.if 2009-01-16 16:06:27.000000000 -0500
@@ -56,6 +56,24 @@
########################################
@@ -14489,8 +14513,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.2/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ntp.te 2009-01-05 17:54:59.000000000 -0500
-@@ -42,6 +42,7 @@
++++ serefpolicy-3.6.2/policy/modules/services/ntp.te 2009-01-16 16:06:27.000000000 -0500
+@@ -38,10 +38,11 @@
+
+ # sys_resource and setrlimit is for locking memory
+ # ntpdate wants sys_nice
+-allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock sys_chroot sys_nice sys_resource };
++allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice sys_resource };
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
allow ntpd_t self:fifo_file rw_fifo_file_perms;
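Review bot: The `ipc_owner` capability added to the `allow ntpd_t self:capability` rule has no stated justification, although the two comment lines directly above the rule explain `sys_resource`/`setrlimit` and `sys_nice`. `ipc_owner` lets the daemon bypass ownership and permission checks on System V IPC objects, so it deserves the same treatment: add a line such as `# ipc_owner: <what ntpd does that triggers the denial, with bug reference>` above the rule. If the denial turns out to be noise from an operation ntpd can do without, listing `ipc_owner` in the `dontaudit ntpd_t self:capability` rule on the following line would be the narrower choice; that needs checking against the AVC that motivated the change.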
@@ -14498,7 +14527,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow ntpd_t self:unix_dgram_socket create_socket_perms;
allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:tcp_socket create_stream_socket_perms;
-@@ -90,6 +91,8 @@
+@@ -52,6 +53,7 @@
+ can_exec(ntpd_t,ntpd_exec_t)
+
+ read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
++read_lnk_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
+
+ allow ntpd_t ntpd_log_t:dir setattr;
+ manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
+@@ -90,6 +92,8 @@
fs_getattr_all_fs(ntpd_t)
fs_search_auto_mountpoints(ntpd_t)
@@ -14509,7 +14546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.2/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/nx.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/nx.te 2009-01-16 16:06:27.000000000 -0500
@@ -25,6 +25,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -14532,7 +14569,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.2/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -14541,7 +14578,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.2/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.if 2009-01-16 16:06:27.000000000 -0500
@@ -44,6 +44,7 @@
')
@@ -14581,7 +14618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.2/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/oddjob.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/oddjob.te 2009-01-16 16:06:27.000000000 -0500
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -14640,7 +14677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.6.2/policy/modules/services/openvpn.fc
--- nsaserefpolicy/policy/modules/services/openvpn.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.fc 2009-01-16 16:06:27.000000000 -0500
@@ -2,6 +2,7 @@
# /etc
#
@@ -14651,7 +14688,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.6.2/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.if 2009-01-16 16:06:27.000000000 -0500
@@ -46,6 +46,24 @@
########################################
@@ -14704,7 +14741,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.2/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/openvpn.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/openvpn.te 2009-01-16 16:06:27.000000000 -0500
@@ -22,6 +22,9 @@
type openvpn_etc_t;
files_config_file(openvpn_etc_t)
@@ -14748,7 +14785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.2/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -14764,7 +14801,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.2/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,10 @@
+## SELinux policy for PADS daemon.
+##
@@ -14778,7 +14815,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.2/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pads.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pads.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,65 @@
+
+policy_module(pads, 0.0.1)
@@ -14847,7 +14884,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.2/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pcscd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pcscd.te 2009-01-16 16:06:27.000000000 -0500
@@ -57,6 +57,14 @@
sysnet_dns_name_resolve(pcscd_t)
@@ -14865,7 +14902,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
openct_signull(pcscd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.2/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pegasus.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pegasus.te 2009-01-16 16:06:27.000000000 -0500
@@ -30,7 +30,7 @@
# Local policy
#
@@ -14939,7 +14976,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.2/policy/modules/services/pingd.fc
--- nsaserefpolicy/policy/modules/services/pingd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,11 @@
+
+/etc/pingd.conf -- gen_context(system_u:object_r:pingd_etc_t,s0)
@@ -14954,7 +14991,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.2/policy/modules/services/pingd.if
--- nsaserefpolicy/policy/modules/services/pingd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,99 @@
+## policy for pingd
+
@@ -15057,7 +15094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.2/policy/modules/services/pingd.te
--- nsaserefpolicy/policy/modules/services/pingd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pingd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pingd.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,54 @@
+policy_module(pingd,1.0.0)
+
@@ -15115,7 +15152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.6.2/policy/modules/services/pki.fc
--- nsaserefpolicy/policy/modules/services/pki.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,46 @@
+
+/etc/rc\.d/init\.d/pki-ca -- gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
@@ -15165,7 +15202,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/pki-tps\.pid -- gen_context(system_u:object_r:pki_tks_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.6.2/policy/modules/services/pki.if
--- nsaserefpolicy/policy/modules/services/pki.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,643 @@
+
+## policy for pki
@@ -15812,7 +15849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.te serefpolicy-3.6.2/policy/modules/services/pki.te
--- nsaserefpolicy/policy/modules/services/pki.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pki.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pki.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,91 @@
+policy_module(pki,1.0.0)
+
@@ -15907,8 +15944,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.2/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.fc 2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,9 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.fc 2009-01-16 16:06:27.000000000 -0500
+@@ -0,0 +1,11 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
+/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:polkit_grant_exec_t,s0)
@@ -15918,10 +15955,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
+/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_run_t,s0)
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
++
++/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:polkit_reload_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.2/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.if 2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,202 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.if 2009-01-16 16:07:30.000000000 -0500
+@@ -0,0 +1,240 @@
+
+## policy for polkit_auth
+
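Review bot: The new `/var/lib/misc/PolicyKit.reload` file-context entry leaves the dot unescaped and has no file-type specifier, unlike the `/var/run/pki-tps\.pid --` entry elsewhere in this patch. As a regular expression, `PolicyKit.reload` accepts any character in the dot's position, and without `--` the `polkit_reload_t` label is applied to whatever object class sits at that path, including a directory or a symlink. Suggested: `/var/lib/misc/PolicyKit\.reload -- gen_context(system_u:object_r:polkit_reload_t,s0)`. The earlier polkit.fc entries lie outside this hunk.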
@@ -15987,6 +16026,44 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+##
++## read polkit reload files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`polkit_read_reload',`
++ gen_require(`
++ type polkit_reload_t;
++ ')
++
++ files_search_var_lib($1)
++ read_files_pattern($1, polkit_reload_t, polkit_reload_t)
++')
++
++########################################
++##
++## rw polkit reload files
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`polkit_rw_reload',`
++ gen_require(`
++ type polkit_reload_t;
++ ')
++
++ files_search_var_lib($1)
++ rw_files_pattern($1, polkit_reload_t, polkit_reload_t)
++')
++
++########################################
++##
+## Execute a domain transition to run polkit_grant.
+##
+##
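Review bot: In `polkit_read_reload` and `polkit_rw_reload`, the second argument of `read_files_pattern`/`rw_files_pattern` is the type of the containing directory, but the polkit.fc entry added by this commit labels only the single file `/var/lib/misc/PolicyKit.reload` as `polkit_reload_t`. The pattern therefore appears to grant directory search on a type that no directory carries, while the real path traversal rests on `files_search_var_lib($1)` alone. A direct rule states the intent more exactly: `allow $1 polkit_reload_t:file read_file_perms;` in the read interface and `rw_file_perms` in the rw one. The same applies to the `rw_files_pattern(..., polkit_reload_t, polkit_reload_t)` and `read_files_pattern(...)` lines added for `polkit_t`, `polkit_auth_t`, `polkit_grant_t` and `polkit_resolve_t` in the polkit.te hunks further down.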
@@ -16101,7 +16178,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+template(`polkit_role',`
+ polkit_run_auth($2, $1)
+ polkit_run_grant($2, $1)
-+ polkit_read_lib($2)
++ polkit_read_reload($2)
+')
+
+########################################
@@ -16126,8 +16203,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.2/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/polkit.te 2009-01-05 17:54:59.000000000 -0500
-@@ -0,0 +1,229 @@
++++ serefpolicy-3.6.2/policy/modules/services/polkit.te 2009-01-16 16:06:27.000000000 -0500
+@@ -0,0 +1,237 @@
+policy_module(polkit_auth, 1.0.0)
+
+########################################
@@ -16151,6 +16228,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+type polkit_auth_exec_t;
+init_daemon_domain(polkit_auth_t, polkit_auth_exec_t)
+
++type polkit_reload_t;
++files_type(polkit_reload_t)
++
+type polkit_var_lib_t;
+files_type(polkit_var_lib_t)
+
@@ -16192,6 +16272,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+manage_files_pattern(polkit_t, polkit_var_lib_t, polkit_var_lib_t)
+
++rw_files_pattern(polkit_t, polkit_reload_t, polkit_reload_t)
++
+# pid file
+manage_dirs_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t)
+manage_files_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t)
@@ -16234,6 +16316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+logging_send_syslog_msg(polkit_auth_t)
+
+manage_files_pattern(polkit_auth_t, polkit_var_lib_t, polkit_var_lib_t)
++rw_files_pattern(polkit_auth_t, polkit_reload_t, polkit_reload_t)
+
+# pid file
+manage_dirs_pattern(polkit_auth_t, polkit_var_run_t, polkit_var_run_t)
@@ -16296,6 +16379,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_files_pattern(polkit_grant_t, polkit_var_run_t, polkit_var_run_t)
+
+manage_files_pattern(polkit_grant_t, polkit_var_lib_t, polkit_var_lib_t)
++rw_files_pattern(polkit_grant_t, polkit_reload_t, polkit_reload_t)
+userdom_read_all_users_state(polkit_grant_t)
+
+optional_policy(`
@@ -16322,6 +16406,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow polkit_resolve_t self:unix_stream_socket create_stream_socket_perms;
+
+read_files_pattern(polkit_resolve_t, polkit_var_lib_t, polkit_var_lib_t)
++read_files_pattern(polkit_resolve_t, polkit_reload_t, polkit_reload_t)
+
+can_exec(polkit_resolve_t, polkit_resolve_exec_t)
+corecmd_search_bin(polkit_resolve_t)
@@ -16359,7 +16444,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.2/policy/modules/services/portreserve.fc
--- nsaserefpolicy/policy/modules/services/portreserve.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,12 @@
+# portreserve executable will have:
+# label: system_u:object_r:portreserve_exec_t
@@ -16375,7 +16460,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.2/policy/modules/services/portreserve.if
--- nsaserefpolicy/policy/modules/services/portreserve.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,66 @@
+## policy for portreserve
+
@@ -16445,7 +16530,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.2/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/portreserve.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/portreserve.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,52 @@
+policy_module(portreserve,1.0.0)
+
@@ -16501,7 +16586,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#domain_use_interactive_fds(portreserve_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.2/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.fc 2009-01-16 16:06:27.000000000 -0500
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -16517,7 +16602,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.2/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.if 2009-01-07 13:21:46.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.if 2009-01-16 16:06:27.000000000 -0500
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -16679,7 +16764,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.2/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postfix.te 2009-01-07 13:20:40.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postfix.te 2009-01-16 16:06:27.000000000 -0500
@@ -6,6 +6,15 @@
# Declarations
#
@@ -17006,7 +17091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(postfix_virtual_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.2/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.fc 2009-01-16 16:06:27.000000000 -0500
@@ -2,6 +2,7 @@
# /etc
#
@@ -17017,7 +17102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.2/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.if 2009-01-16 16:06:27.000000000 -0500
@@ -351,3 +351,46 @@
typeattribute $1 sepgsql_unconfined_type;
@@ -17067,7 +17152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.2/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/postgresql.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/postgresql.te 2009-01-16 16:06:27.000000000 -0500
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -17123,7 +17208,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.2/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,7 +1,7 @@
#
# /etc
@@ -17146,7 +17231,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /sbin
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.2/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.if 2009-01-16 16:06:27.000000000 -0500
@@ -58,6 +58,25 @@
########################################
@@ -17249,7 +17334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.2/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ppp.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ppp.te 2009-01-16 16:06:27.000000000 -0500
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -17379,7 +17464,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.2/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,3 +1,9 @@
+/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
+
@@ -17408,7 +17493,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.2/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.if 2009-01-16 16:06:27.000000000 -0500
@@ -6,7 +6,7 @@
##
##
@@ -17523,7 +17608,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.2/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/prelude.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/prelude.te 2009-01-16 16:06:27.000000000 -0500
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -17792,7 +17877,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mysql_search_db(httpd_prewikka_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.2/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/procmail.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/procmail.te 2009-01-16 16:06:27.000000000 -0500
@@ -128,6 +128,10 @@
')
@@ -17814,7 +17899,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.2/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,6 +1,8 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -17826,7 +17911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.2/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.if 2009-01-16 16:06:27.000000000 -0500
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -17880,7 +17965,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.2/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/pyzor.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/pyzor.te 2009-01-16 16:06:27.000000000 -0500
@@ -6,6 +6,38 @@
# Declarations
#
@@ -17939,7 +18024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.2/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/radvd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/radvd.te 2009-01-16 16:06:27.000000000 -0500
@@ -22,7 +22,7 @@
#
# Local policy
@@ -17951,7 +18036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow radvd_t self:unix_dgram_socket create_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.2/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/razor.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/razor.if 2009-01-16 16:06:27.000000000 -0500
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -18000,7 +18085,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.2/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2008-11-19 18:10:07.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/razor.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/razor.te 2009-01-16 16:06:27.000000000 -0500
@@ -6,6 +6,32 @@
# Declarations
#
@@ -18041,7 +18126,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.2/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ricci.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ricci.te 2009-01-16 16:06:27.000000000 -0500
@@ -133,6 +133,8 @@
dev_read_urand(ricci_t)
@@ -18148,7 +18233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ccs_read_config(ricci_modstorage_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.2/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rlogin.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rlogin.te 2009-01-16 16:06:27.000000000 -0500
@@ -91,10 +91,22 @@
remotelogin_signal(rlogind_t)
@@ -18176,7 +18261,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.6.2/policy/modules/services/rpc.fc
--- nsaserefpolicy/policy/modules/services/rpc.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.fc 2009-01-16 16:06:27.000000000 -0500
@@ -13,6 +13,7 @@
# /usr
#
@@ -18187,7 +18272,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.nfsd -- gen_context(system_u:object_r:nfsd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.2/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.if 2009-01-16 16:06:27.000000000 -0500
@@ -88,8 +88,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -18251,7 +18336,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.2/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rpc.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rpc.te 2009-01-16 16:06:27.000000000 -0500
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -18305,7 +18390,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.2/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/rshd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rshd.te 2009-01-16 16:06:27.000000000 -0500
@@ -51,7 +51,7 @@
files_list_home(rshd_t)
@@ -18315,9 +18400,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_login_pgm_domain(rshd_t)
auth_write_login_records(rshd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.2/policy/modules/services/rsync.te
+--- nsaserefpolicy/policy/modules/services/rsync.te 2009-01-05 15:39:43.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/rsync.te 2009-01-16 16:06:27.000000000 -0500
+@@ -119,5 +119,8 @@
+
+ tunable_policy(`rsync_export_all_ro',`
+ fs_read_noxattr_fs_files(rsync_t)
++ auth_read_all_dirs_except_shadow(rsync_t)
+ auth_read_all_files_except_shadow(rsync_t)
++ auth_tunable_read_shadow(rsync_t)
+ ')
++auth_can_read_shadow_passwords(rsync_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.2/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/samba.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.fc 2009-01-16 16:06:27.000000000 -0500
@@ -2,6 +2,9 @@
#
# /etc
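Review bot: The rsync.te rules added in this hunk let rsync_t read the shadow file whenever `rsync_export_all_ro` is enabled. `auth_tunable_read_shadow(rsync_t)` sits in the same tunable block as the two `..._except_shadow` calls, and `auth_can_read_shadow_passwords(rsync_t)` is added unconditionally after the block, presumably to satisfy the shadow assertion. A boolean that reads as "export everything read-only" would then also cover /etc/shadow, exposing password hashes to a network-facing daemon. I would drop both shadow lines, or move them behind a separate boolean of their own with a comment stating that shadow access is intentional. Only the tail of rsync.te is visible in this hunk, so any other restriction on rsync_t cannot be checked from here.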
@@ -18346,7 +18443,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.2/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/samba.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.if 2009-01-16 16:06:27.000000000 -0500
@@ -4,6 +4,45 @@
## from Windows NT servers.
##
@@ -18746,7 +18843,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.2/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/samba.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/samba.te 2009-01-16 16:06:27.000000000 -0500
@@ -66,6 +66,13 @@
##
gen_tunable(samba_share_nfs, false)
@@ -19154,7 +19251,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.2/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sasl.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sasl.te 2009-01-16 16:06:27.000000000 -0500
@@ -107,6 +107,10 @@
')
@@ -19168,7 +19265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.2/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/sendmail.if 2009-01-13 09:34:43.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sendmail.if 2009-01-16 16:06:27.000000000 -0500
@@ -149,3 +149,92 @@
logging_log_filetrans($1, sendmail_log_t, file)
@@ -19264,7 +19361,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.2/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sendmail.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sendmail.te 2009-01-16 16:06:27.000000000 -0500
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -19434,7 +19531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
+
@@ -19443,7 +19540,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.if 2009-01-16 16:06:27.000000000 -0500
@@ -16,8 +16,8 @@
')
@@ -19455,7 +19552,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -36,6 +36,48 @@
+@@ -36,6 +36,69 @@
type setroubleshootd_t, setroubleshoot_var_run_t;
')
@@ -19466,6 +19563,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+##
++## Send and receive messages from
++## setroubleshoot over dbus.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`setroubleshoot_dbus_chat',`
++ gen_require(`
++ type setroubleshootd_t;
++ class dbus send_msg;
++ ')
++
++ allow $1 setroubleshootd_t:dbus send_msg;
++ allow setroubleshootd_t $1:dbus send_msg;
++')
++
++########################################
++##
+## All of the rules required to administrate
+## an setroubleshoot environment
+##
@@ -19507,7 +19625,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/setroubleshoot.te 2009-01-16 16:06:27.000000000 -0500
@@ -11,6 +11,9 @@
domain_type(setroubleshootd_t)
init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -19594,7 +19712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_use_script_fds(setroubleshootd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.2/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/smartmon.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/smartmon.te 2009-01-16 16:06:27.000000000 -0500
@@ -19,6 +19,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -19654,7 +19772,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.6.2/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snmp.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snmp.fc 2009-01-16 16:06:27.000000000 -0500
@@ -20,5 +20,5 @@
/var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0)
@@ -19664,7 +19782,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.2/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snmp.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snmp.te 2009-01-16 16:06:27.000000000 -0500
@@ -71,6 +71,7 @@
corenet_tcp_bind_snmp_port(snmpd_t)
corenet_udp_bind_snmp_port(snmpd_t)
@@ -19675,7 +19793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_sysfs(snmpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.2/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/snort.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/snort.te 2009-01-16 16:06:27.000000000 -0500
@@ -56,6 +56,7 @@
files_pid_filetrans(snort_t, snort_var_run_t, file)
@@ -19708,7 +19826,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.2/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.fc 2009-01-16 16:06:27.000000000 -0500
@@ -1,15 +1,24 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -19739,7 +19857,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.2/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.if 2009-01-16 16:06:27.000000000 -0500
@@ -111,6 +111,7 @@
')
@@ -19828,7 +19946,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.2/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/spamassassin.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/spamassassin.te 2009-01-16 16:06:27.000000000 -0500
@@ -20,6 +20,35 @@
##
gen_tunable(spamd_enable_home_dirs, true)
@@ -20088,7 +20206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.2/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/squid.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/squid.if 2009-01-16 16:06:27.000000000 -0500
@@ -21,6 +21,25 @@
########################################
@@ -20117,7 +20235,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.2/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/squid.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/squid.te 2009-01-16 16:06:27.000000000 -0500
@@ -118,6 +118,8 @@
fs_getattr_all_fs(squid_t)
@@ -20138,7 +20256,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.2/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.fc 2009-01-16 16:06:27.000000000 -0500
@@ -14,3 +14,5 @@
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
@@ -20147,7 +20265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.2/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.if 2009-01-16 16:06:27.000000000 -0500
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -20215,16 +20333,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand($1_ssh_t)
-@@ -133,6 +133,8 @@
+@@ -132,6 +132,10 @@
+ files_read_etc_runtime_files($1_ssh_t)
files_read_etc_files($1_ssh_t)
files_read_var_files($1_ssh_t)
-
-+ auth_use_nsswitch($1_ssh_t)
++ # Required for FreeNX
++ files_read_var_lib_symlinks($1_t)
+
++ auth_use_nsswitch($1_ssh_t)
+
logging_send_syslog_msg($1_ssh_t)
logging_read_generic_logs($1_ssh_t)
-
-@@ -140,9 +142,6 @@
+@@ -140,9 +144,6 @@
seutil_read_config($1_ssh_t)
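Review bot: The new FreeNX rule `files_read_var_lib_symlinks($1_t)` targets `$1_t`, while every neighbouring rule in this part of the template targets `$1_ssh_t`. If the ssh client domain is the one that needs to read var_lib symlinks, the line should be `files_read_var_lib_symlinks($1_ssh_t)`. As written, the permission goes to a different domain, apparently the caller's base domain, for every user of the template. If `$1_t` is intended, the `# Required for FreeNX` comment should name that domain and say why it needs the access. The template begins and ends outside this hunk, so whether `$1_t` is declared or required there cannot be confirmed from here.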
@@ -20234,7 +20354,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`read_default_t',`
files_list_default($1_ssh_t)
files_read_default_files($1_ssh_t)
-@@ -154,14 +153,6 @@
+@@ -154,14 +155,6 @@
optional_policy(`
kerberos_use($1_ssh_t)
')
@@ -20249,7 +20369,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
#######################################
-@@ -194,13 +185,14 @@
+@@ -194,13 +187,14 @@
type $1_var_run_t;
files_pid_file($1_var_run_t)
@@ -20265,7 +20385,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
term_create_pty($1_t,$1_devpts_t)
-@@ -229,7 +221,12 @@
+@@ -229,7 +223,12 @@
corenet_udp_bind_all_nodes($1_t)
corenet_tcp_bind_ssh_port($1_t)
corenet_tcp_connect_all_ports($1_t)
@@ -20278,7 +20398,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_dontaudit_getattr_all_fs($1_t)
-@@ -254,9 +251,14 @@
+@@ -254,9 +253,14 @@
userdom_dontaudit_relabelfrom_user_ptys($1_t)
userdom_search_user_home_dirs($1_t)
@@ -20293,7 +20413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
tunable_policy(`use_samba_home_dirs',`
-@@ -265,11 +267,7 @@
+@@ -265,11 +269,7 @@
optional_policy(`
kerberos_use($1_t)
@@ -20306,7 +20426,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -611,3 +609,42 @@
+@@ -611,3 +611,42 @@
dontaudit $1 sshd_key_t:file { getattr read };
')
@@ -20351,7 +20471,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.2/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ssh.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ssh.te 2009-01-16 16:06:27.000000000 -0500
@@ -75,7 +75,7 @@
ubac_constrained(ssh_tmpfs_t)
@@ -20462,7 +20582,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.6.2/policy/modules/services/stunnel.fc
--- nsaserefpolicy/policy/modules/services/stunnel.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/stunnel.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/stunnel.fc 2009-01-16 16:06:27.000000000 -0500
@@ -2,5 +2,6 @@
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
@@ -20472,7 +20592,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.6.2/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/stunnel.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/stunnel.te 2009-01-16 16:06:27.000000000 -0500
@@ -54,6 +54,8 @@
kernel_read_system_state(stunnel_t)
kernel_read_network_state(stunnel_t)
@@ -20492,7 +20612,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.6.2/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/sysstat.te 2009-01-12 15:45:05.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/sysstat.te 2009-01-16 16:06:27.000000000 -0500
@@ -26,6 +26,7 @@
can_exec(sysstat_t, sysstat_exec_t)
@@ -20503,7 +20623,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# get info from /proc
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.6.2/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/telnet.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/telnet.te 2009-01-16 16:06:27.000000000 -0500
@@ -87,8 +87,8 @@
userdom_search_user_home_dirs(telnetd_t)
@@ -20517,7 +20637,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`use_nfs_home_dirs',`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.6.2/policy/modules/services/tor.te
--- nsaserefpolicy/policy/modules/services/tor.te 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/tor.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/tor.te 2009-01-16 16:06:27.000000000 -0500
@@ -34,7 +34,7 @@
# tor local policy
#
@@ -20529,7 +20649,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow tor_t self:netlink_route_socket r_netlink_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.6.2/policy/modules/services/ulogd.fc
--- nsaserefpolicy/policy/modules/services/ulogd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,10 @@
+
+/etc/rc\.d/init\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
@@ -20543,7 +20663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.2/policy/modules/services/ulogd.if
--- nsaserefpolicy/policy/modules/services/ulogd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,127 @@
+## policy for ulogd
+
@@ -20674,7 +20794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.6.2/policy/modules/services/ulogd.te
--- nsaserefpolicy/policy/modules/services/ulogd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/ulogd.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/ulogd.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,51 @@
+policy_module(ulogd,1.0.0)
+
@@ -20729,7 +20849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive ulogd_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-3.6.2/policy/modules/services/uucp.fc
--- nsaserefpolicy/policy/modules/services/uucp.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/uucp.fc 2009-01-13 09:34:09.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/uucp.fc 2009-01-16 16:06:27.000000000 -0500
@@ -7,3 +7,5 @@
/var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
@@ -20738,7 +20858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.2/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/uucp.te 2009-01-13 09:35:13.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/uucp.te 2009-01-16 16:06:27.000000000 -0500
@@ -10,6 +10,9 @@
inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
role system_r types uucpd_t;
@@ -20770,7 +20890,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.2/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/virt.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/virt.te 2009-01-16 16:06:27.000000000 -0500
@@ -96,7 +96,7 @@
corenet_tcp_sendrecv_all_nodes(virtd_t)
corenet_tcp_sendrecv_all_ports(virtd_t)
@@ -20812,7 +20932,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.2/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.2/policy/modules/services/w3c.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/w3c.te 2009-01-16 16:06:27.000000000 -0500
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -20834,7 +20954,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.2/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.fc 2009-01-16 16:06:27.000000000 -0500
@@ -3,11 +3,14 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -20901,7 +21021,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.2/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.if 2009-01-12 14:24:38.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.if 2009-01-16 16:06:27.000000000 -0500
@@ -156,7 +156,7 @@
allow $1 xserver_t:process signal;
@@ -21309,7 +21429,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## display.
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.2/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/xserver.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/xserver.te 2009-01-16 16:06:27.000000000 -0500
@@ -34,6 +34,13 @@
##
@@ -21680,7 +21800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
+ polkit_domtrans_auth(xdm_t)
-+ polkit_read_lib(xdm_t)
++ polkit_read_reload(xdm_t)
+')
+
+# On crash gdm execs gdb to dump stack
@@ -21849,13 +21969,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.2/policy/modules/services/zosremote.fc
--- nsaserefpolicy/policy/modules/services/zosremote.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.fc 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.fc 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,2 @@
+
+/sbin/audispd-zos-remote -- gen_context(system_u:object_r:zos_remote_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.2/policy/modules/services/zosremote.if
--- nsaserefpolicy/policy/modules/services/zosremote.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.if 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,46 @@
+## policy for z/OS Remote-services Audit dispatcher plugin
+
@@ -21905,7 +22025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.6.2/policy/modules/services/zosremote.te
--- nsaserefpolicy/policy/modules/services/zosremote.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/services/zosremote.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/services/zosremote.te 2009-01-16 16:06:27.000000000 -0500
@@ -0,0 +1,33 @@
+policy_module(zosremote,1.0.0)
+
@@ -21987,7 +22107,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.2/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/system/authlogin.if 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/system/authlogin.if 2009-01-16 10:23:40.000000000 -0500
@@ -43,6 +43,7 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -23439,7 +23559,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.2/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.2/policy/modules/system/logging.te 2009-01-05 17:54:59.000000000 -0500
++++ serefpolicy-3.6.2/policy/modules/system/logging.te 2009-01-16 14:54:05.000000000 -0500
@@ -126,7 +126,7 @@
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file rw_file_perms;
@@ -23463,14 +23583,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
-allow audisp_t self:capability sys_nice;
-+allow audisp_t self:capability { dac_override sys_nice };
- allow audisp_t self:process setsched;
+-allow audisp_t self:process setsched;
-allow audisp_t self:fifo_file rw_file_perms;
++allow audisp_t self:capability { dac_override sys_nice };
++allow audisp_t self:process { signal_perms setsched };
+allow audisp_t self:fifo_file rw_fifo_file_perms;
allow audisp_t self:unix_stream_socket create_stream_socket_perms;
allow audisp_t self:unix_dgram_socket create_socket_perms;
-@@ -231,9 +233,12 @@
+@@ -226,20 +228,32 @@
+ manage_sock_files_pattern(audisp_t, audisp_var_run_t, audisp_var_run_t)
+ files_pid_filetrans(audisp_t, audisp_var_run_t, sock_file)
+
+-corecmd_search_bin(audisp_t)
++corecmd_exec_bin(audisp_t)
++corecmd_exec_shell(audisp_t)
+
domain_use_interactive_fds(audisp_t)
files_read_etc_files(audisp_t)
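Review bot: The added `corecmd_exec_bin(audisp_t)` and `corecmd_exec_shell(audisp_t)` let the audit dispatcher execute generic binaries and a shell without leaving its own domain. The same inner hunk keeps `dac_override` and widens `self:process` to `{ signal_perms setsched }`, so whatever audispd launches this way runs with those privileges instead of in a confined plugin domain. Nothing in the hunk says which plugin needs this, so I would add a comment above the two calls, e.g. `# <plugin name> is started through a shell wrapper and stays in audisp_t`, to let the grant be revisited later. Where a plugin ships its own executable, a dedicated exec type with a domain transition, as this patch already does for `audisp_remote_t` and `zos_remote_exec_t`, would let `corecmd_search_bin(audisp_t)` remain sufficient. The audisp_t local policy block starts and ends outside this hunk, so rules not shown here may already constrain it.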
@@ -23483,7 +23611,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(audisp_t)
miscfiles_read_localization(audisp_t)
-@@ -253,11 +258,16 @@
+
+ sysnet_dns_name_resolve(audisp_t)
+
++optional_policy(`
++ dbus_system_bus_client(audisp_t)
++
++ optional_policy(`
++ setroubleshoot_dbus_chat(audisp_t)
++ ')
++')
++
+ ########################################
+ #
+ # Audit remote logger local policy
+@@ -253,11 +267,16 @@
corenet_tcp_sendrecv_all_nodes(audisp_remote_t)
corenet_tcp_connect_audit_port(audisp_remote_t)
corenet_sendrecv_audit_client_packets(audisp_remote_t)
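Review bot: `dbus_system_bus_client(audisp_t)` sits in the outer `optional_policy` block, so audisp_t becomes a system-bus client whenever the dbus module is built, even if the setroubleshoot module targeted by the inner block is absent. If setroubleshoot is the only bus peer audispd has to reach (this hunk does not show otherwise), a single `optional_policy` block holding both `dbus_system_bus_client(audisp_t)` and `setroubleshoot_dbus_chat(audisp_t)` would make the bus access conditional on that module. If another plugin needs the bus, a one-line comment naming it above the outer call would document why the broader grant stays.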
@@ -23500,7 +23642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(audisp_remote_t)
sysnet_dns_name_resolve(audisp_remote_t)
-@@ -337,7 +347,7 @@
+@@ -337,7 +356,7 @@
allow syslogd_t self:unix_dgram_socket create_socket_perms;
allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
allow syslogd_t self:unix_dgram_socket sendto;
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3a4fea9..edec78e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.2
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -445,6 +445,9 @@ exit 0
%endif
%changelog
+* Thu Jan 15 2009 Dan Walsh 3.6.2-5
+- Define openoffice as an x_domain
+
* Mon Jan 12 2009 Dan Walsh 3.6.2-4
- Fixes for reading xserver_tmp_t