diff --git a/.cvsignore b/.cvsignore
index 724a8a9..8252a82 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -168,3 +168,4 @@ serefpolicy-3.6.10.tgz
serefpolicy-3.6.11.tgz
serefpolicy-3.6.12.tgz
serefpolicy-3.6.13.tgz
+serefpolicy-3.6.14.tgz
diff --git a/nsadiff b/nsadiff
index d968a16..a234622 100755
--- a/nsadiff
+++ b/nsadiff
@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.13 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.14 > /tmp/diff
diff --git a/policy-F12.patch b/policy-F12.patch
index 4f435c0..df0fbcd 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.14/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -24,13 +24,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.6.14/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.14/config/appconfig-mcs/failsafe_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/failsafe_context 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.6.14/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/root_default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/root_default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -47,7 +47,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/securetty_types serefpolicy-3.6.14/config/appconfig-mcs/securetty_types
--- nsaserefpolicy/config/appconfig-mcs/securetty_types 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.14/config/appconfig-mcs/securetty_types 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/securetty_types 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1,6 @@
+auditadm_tty_device_t
+secadm_tty_device_t
@@ -57,7 +57,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
user_tty_device_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.6.14/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.14/config/appconfig-mcs/seusers 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/seusers 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
@@ -66,7 +66,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+__default__:unconfined_u:s0-mcs_systemhigh
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.6.14/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/staff_u_default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/staff_u_default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -83,7 +83,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.6.14/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/unconfined_u_default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/unconfined_u_default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,4 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 unconfined_r:unconfined_cronjob_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
@@ -99,13 +99,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.6.14/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.6.14/config/appconfig-mcs/userhelper_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/userhelper_context 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.6.14/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/user_u_default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/user_u_default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -120,18 +120,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+user_r:user_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.14/config/appconfig-mcs/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/virtual_domain_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/virtual_domain_context 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:svirt_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.14/config/appconfig-mcs/virtual_image_context
--- nsaserefpolicy/config/appconfig-mcs/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mcs/virtual_image_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mcs/virtual_image_context 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+system_u:object_r:svirt_image_t:s0
+system_u:object_r:virt_content_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.6.14/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mls/default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mls/default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -155,7 +155,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.6.14/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mls/root_default_contexts 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mls/root_default_contexts 2009-06-08 21:43:15.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:cronjob_t:s0 staff_r:cronjob_t:s0 user_r:cronjob_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -176,18 +176,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.14/config/appconfig-mls/virtual_domain_context
--- nsaserefpolicy/config/appconfig-mls/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mls/virtual_domain_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mls/virtual_domain_context 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1 @@
+system_u:system_r:qemu_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.14/config/appconfig-mls/virtual_image_context
--- nsaserefpolicy/config/appconfig-mls/virtual_image_context 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/config/appconfig-mls/virtual_image_context 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-mls/virtual_image_context 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+system_u:object_r:virt_image_t:s0
+system_u:object_r:virt_content_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/securetty_types serefpolicy-3.6.14/config/appconfig-standard/securetty_types
--- nsaserefpolicy/config/appconfig-standard/securetty_types 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.14/config/appconfig-standard/securetty_types 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/config/appconfig-standard/securetty_types 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1,6 @@
+auditadm_tty_device_t
+secadm_tty_device_t
@@ -197,7 +197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
user_tty_device_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.14/Makefile
--- nsaserefpolicy/Makefile 2009-01-19 11:07:35.000000000 -0500
-+++ serefpolicy-3.6.14/Makefile 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/Makefile 2009-06-08 21:43:15.000000000 -0400
@@ -241,7 +241,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -262,7 +262,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Mak
$(verbose) $(INSTALL) -m 644 $< $@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.6.14/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/policy/global_tunables 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/global_tunables 2009-06-08 21:43:15.000000000 -0400
@@ -61,15 +61,6 @@
## <desc>
@@ -300,7 +300,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.14/policy/mcs
--- nsaserefpolicy/policy/mcs 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/mcs 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/mcs 2009-06-08 21:43:15.000000000 -0400
@@ -67,7 +67,7 @@
# Note that getattr on files is always permitted.
#
@@ -334,7 +334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
(( h1 dom h2 ) or ( t1 == mcssetcats ));
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.6.14/policy/mls
--- nsaserefpolicy/policy/mls 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.14/policy/mls 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/mls 2009-06-08 21:43:15.000000000 -0400
@@ -516,25 +516,6 @@
@@ -363,7 +363,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.6.14/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/anaconda.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/anaconda.te 2009-06-08 21:43:15.000000000 -0400
@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
@@ -374,7 +374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.14/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/certwatch.te 2009-06-08 21:24:50.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/certwatch.te 2009-06-08 21:43:15.000000000 -0400
@@ -24,18 +24,22 @@
files_read_usr_files(certwatch_t)
files_read_usr_symlinks(certwatch_t)
@@ -401,7 +401,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.fc serefpolicy-3.6.14/policy/modules/admin/dmesg.fc
--- nsaserefpolicy/policy/modules/admin/dmesg.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/dmesg.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/dmesg.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,2 +1,4 @@
/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0)
@@ -409,7 +409,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/sbin/mcelog -- gen_context(system_u:object_r:dmesg_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.6.14/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/dmesg.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/dmesg.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,6 +9,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -446,7 +446,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.6.14/policy/modules/admin/kismet.if
--- nsaserefpolicy/policy/modules/admin/kismet.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/kismet.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/kismet.if 2009-06-08 21:43:15.000000000 -0400
@@ -16,6 +16,7 @@
')
@@ -457,7 +457,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.14/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/kismet.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/kismet.te 2009-06-08 21:43:15.000000000 -0400
@@ -14,27 +14,36 @@
type kismet_var_run_t;
files_pid_file(kismet_var_run_t)
@@ -525,7 +525,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_read_user_tmpfs_files(kismet_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.14/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/logrotate.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/logrotate.te 2009-06-08 21:43:15.000000000 -0400
@@ -116,8 +116,9 @@
seutil_dontaudit_read_config(logrotate_t)
@@ -558,7 +558,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.14/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/logwatch.te 2009-06-08 21:23:56.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/logwatch.te 2009-06-08 21:43:15.000000000 -0400
@@ -62,10 +62,9 @@
files_read_usr_files(logwatch_t)
files_search_spool(logwatch_t)
@@ -588,7 +588,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.14/policy/modules/admin/mrtg.te
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/mrtg.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/mrtg.te 2009-06-08 21:43:15.000000000 -0400
@@ -116,6 +116,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -599,7 +599,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_udp_sendrecv_lo_if(mrtg_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.14/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/netutils.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/netutils.te 2009-06-08 21:43:15.000000000 -0400
@@ -50,7 +50,7 @@
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -622,7 +622,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.6.14/policy/modules/admin/prelink.fc
--- nsaserefpolicy/policy/modules/admin/prelink.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/prelink.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/prelink.fc 2009-06-08 21:43:15.000000000 -0400
@@ -5,3 +5,5 @@
/var/log/prelink\.log -- gen_context(system_u:object_r:prelink_log_t,s0)
@@ -631,7 +631,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.6.14/policy/modules/admin/prelink.if
--- nsaserefpolicy/policy/modules/admin/prelink.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/prelink.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/prelink.if 2009-06-08 21:43:15.000000000 -0400
@@ -120,3 +120,23 @@
logging_search_logs($1)
manage_files_pattern($1, prelink_log_t, prelink_log_t)
@@ -658,7 +658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.14/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/prelink.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/prelink.te 2009-06-08 21:43:15.000000000 -0400
@@ -21,12 +21,15 @@
type prelink_tmp_t;
files_tmp_file(prelink_tmp_t)
@@ -735,7 +735,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.14/policy/modules/admin/readahead.fc
--- nsaserefpolicy/policy/modules/admin/readahead.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/readahead.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/readahead.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,5 @@
-/etc/readahead.d(/.*)? gen_context(system_u:object_r:readahead_etc_rw_t,s0)
+/usr/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
@@ -746,7 +746,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/usr/sbin/readahead -- gen_context(system_u:object_r:readahead_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.14/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/readahead.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/readahead.te 2009-06-08 21:43:15.000000000 -0400
@@ -11,8 +11,8 @@
init_daemon_domain(readahead_t, readahead_exec_t)
application_domain(readahead_t, readahead_exec_t)
@@ -813,7 +813,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(readahead_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.14/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/rpm.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/rpm.fc 2009-06-08 21:43:15.000000000 -0400
@@ -3,15 +3,12 @@
/usr/bin/smart -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -856,7 +856,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_suse', `
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.14/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/rpm.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/rpm.if 2009-06-08 21:43:15.000000000 -0400
@@ -66,6 +66,11 @@
rpm_domtrans($1)
role $2 types rpm_t;
@@ -1217,7 +1217,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.14/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/rpm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/rpm.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -1451,7 +1451,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
java_domtrans_unconfined(rpm_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.14/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/sudo.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/sudo.if 2009-06-08 21:43:15.000000000 -0400
@@ -32,6 +32,7 @@
gen_require(`
@@ -1589,7 +1589,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.6.14/policy/modules/admin/sudo.te
--- nsaserefpolicy/policy/modules/admin/sudo.te 2009-01-05 15:39:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/sudo.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/sudo.te 2009-06-08 21:43:15.000000000 -0400
@@ -4,6 +4,7 @@
########################################
#
@@ -1600,7 +1600,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
application_executable_file(sudo_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.14/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/su.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/su.if 2009-06-08 21:43:15.000000000 -0400
@@ -90,15 +90,6 @@
miscfiles_read_localization($1_su_t)
@@ -1635,7 +1635,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domain_subj_id_change_exemption($1_su_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.14/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/admin/tmpreaper.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/tmpreaper.te 2009-06-08 21:43:15.000000000 -0400
@@ -28,6 +28,9 @@
files_purge_tmp(tmpreaper_t)
# why does it need setattr?
@@ -1675,7 +1675,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.14/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/usermanage.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/usermanage.te 2009-06-08 21:43:15.000000000 -0400
@@ -209,6 +209,7 @@
files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
@@ -1707,7 +1707,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.14/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/admin/vbetool.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/admin/vbetool.te 2009-06-08 21:43:15.000000000 -0400
@@ -23,6 +23,7 @@
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
@@ -1728,7 +1728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.14/policy/modules/apps/awstats.te
--- nsaserefpolicy/policy/modules/apps/awstats.te 2009-02-16 08:44:12.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/awstats.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/awstats.te 2009-06-08 21:43:15.000000000 -0400
@@ -51,6 +51,8 @@
libs_read_lib_files(awstats_t)
@@ -1740,18 +1740,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysnet_dns_name_resolve(awstats_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.fc serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.fc
--- nsaserefpolicy/policy/modules/apps/cpufreqselector.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1 @@
+/usr/bin/cpufreq-selector -- gen_context(system_u:object_r:cpufreqselector_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.if serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.if
--- nsaserefpolicy/policy/modules/apps/cpufreqselector.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+## <summary>cpufreq-selector policy</summary>
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.te
--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.te 2009-06-08 21:25:51.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/cpufreqselector.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,42 @@
+policy_module(cpufreqselector,1.0.0)
+
@@ -1797,7 +1797,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive cpufreqselector_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.14/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gnome.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gnome.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,8 +1,16 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
@@ -1819,7 +1819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.6.14/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gnome.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gnome.if 2009-06-08 21:43:15.000000000 -0400
@@ -89,5 +89,175 @@
allow $1 gnome_home_t:dir manage_dir_perms;
@@ -1998,7 +1998,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.14/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gnome.te 2009-06-08 21:31:42.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gnome.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,16 +9,18 @@
attribute gnomedomain;
@@ -2127,7 +2127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.6.14/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gpg.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gpg.fc 2009-06-08 21:43:15.000000000 -0400
@@ -5,5 +5,5 @@
/usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0)
@@ -2138,7 +2138,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.14/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gpg.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gpg.if 2009-06-08 21:43:15.000000000 -0400
@@ -30,7 +30,7 @@
# allow ps to show gpg
@@ -2168,7 +2168,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.14/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/gpg.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/gpg.te 2009-06-08 21:43:15.000000000 -0400
@@ -60,7 +60,7 @@
allow gpg_t self:capability { ipc_lock setuid };
@@ -2265,7 +2265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.6.14/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/java.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/java.fc 2009-06-08 21:43:15.000000000 -0400
@@ -2,15 +2,16 @@
# /opt
#
@@ -2302,7 +2302,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/opera(/.*)?/opera -- gen_context(system_u:object_r:java_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.14/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/java.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/java.if 2009-06-08 21:43:15.000000000 -0400
@@ -30,6 +30,7 @@
allow java_t $2:unix_stream_socket connectto;
@@ -2445,7 +2445,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.14/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/java.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/java.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,8 @@
typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
@@ -2510,13 +2510,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.6.14/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/livecd.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/livecd.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.14/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/livecd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/livecd.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,50 @@
+
+## <summary>policy for livecd</summary>
@@ -2570,7 +2570,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.14/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/livecd.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/livecd.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,26 @@
+policy_module(livecd, 1.0.0)
+
@@ -2600,7 +2600,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+seutil_domtrans_setfiles_mac(livecd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.14/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/apps/mono.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/mono.if 2009-06-08 21:43:15.000000000 -0400
@@ -21,6 +21,105 @@
########################################
@@ -2718,7 +2718,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_search_bin($1)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.6.14/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/mono.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/mono.te 2009-06-08 21:43:15.000000000 -0400
@@ -15,7 +15,7 @@
# Local policy
#
@@ -2744,7 +2744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.6.14/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/mozilla.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/mozilla.fc 2009-06-08 21:43:15.000000000 -0400
@@ -17,7 +17,6 @@
#
# /etc
@@ -2761,7 +2761,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.14/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/mozilla.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/mozilla.if 2009-06-08 21:43:15.000000000 -0400
@@ -82,8 +82,7 @@
type mozilla_home_t;
')
@@ -2774,7 +2774,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.14/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/mozilla.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/mozilla.te 2009-06-08 21:43:15.000000000 -0400
@@ -105,6 +105,7 @@
# Should not need other ports
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
@@ -2813,7 +2813,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.6.14/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,12 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -2829,7 +2829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.14/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,313 @@
+
+## <summary>policy for nsplugin</summary>
@@ -3146,7 +3146,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.14/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/nsplugin.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,286 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -3436,14 +3436,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.6.14/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/openoffice.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/openoffice.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.6.14/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/openoffice.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/openoffice.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,93 @@
+## <summary>Openoffice</summary>
+
@@ -3540,7 +3540,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.6.14/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/openoffice.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/openoffice.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(openoffice, 1.0.0)
@@ -3558,7 +3558,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.fc serefpolicy-3.6.14/policy/modules/apps/podsleuth.fc
--- nsaserefpolicy/policy/modules/apps/podsleuth.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,2 +1,4 @@
/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
@@ -3566,7 +3566,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.if serefpolicy-3.6.14/policy/modules/apps/podsleuth.if
--- nsaserefpolicy/policy/modules/apps/podsleuth.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.if 2009-06-08 21:43:15.000000000 -0400
@@ -16,4 +16,32 @@
')
@@ -3602,7 +3602,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.14/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/podsleuth.te 2009-06-08 21:43:15.000000000 -0400
@@ -11,25 +11,80 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -3690,13 +3690,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.fc serefpolicy-3.6.14/policy/modules/apps/pulseaudio.fc
--- nsaserefpolicy/policy/modules/apps/pulseaudio.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.14/policy/modules/apps/pulseaudio.if
--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,148 @@
+
+## <summary>policy for pulseaudio</summary>
@@ -3848,7 +3848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.14/policy/modules/apps/pulseaudio.te
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/pulseaudio.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,111 @@
+policy_module(pulseaudio,1.0.0)
+
@@ -3963,7 +3963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.14/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/apps/qemu.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/qemu.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,2 +1,3 @@
-/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
-/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -3972,7 +3972,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.6.14/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/qemu.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/qemu.if 2009-06-08 21:43:15.000000000 -0400
@@ -40,6 +40,93 @@
qemu_domtrans($1)
@@ -4281,7 +4281,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.14/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/qemu.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/qemu.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,28 +13,96 @@
## </desc>
gen_tunable(qemu_full_network, false)
@@ -4399,7 +4399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.6.14/policy/modules/apps/sambagui.fc
--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sambagui.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sambagui.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,4 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
+
@@ -4407,13 +4407,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.6.14/policy/modules/apps/sambagui.if
--- nsaserefpolicy/policy/modules/apps/sambagui.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sambagui.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sambagui.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,2 @@
+## <summary>system-config-samba policy</summary>
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.14/policy/modules/apps/sambagui.te
--- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sambagui.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sambagui.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(sambagui,1.0.0)
+
@@ -4474,12 +4474,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive sambagui_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.6.14/policy/modules/apps/sandbox.fc
--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sandbox.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sandbox.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1 @@
+# No types are sandbox_exec_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.14/policy/modules/apps/sandbox.if
--- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sandbox.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sandbox.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,75 @@
+
+## <summary>policy for sandbox</summary>
@@ -4558,7 +4558,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.14/policy/modules/apps/sandbox.te
--- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/sandbox.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/sandbox.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,43 @@
+policy_module(sandbox,1.0.0)
+
@@ -4605,7 +4605,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+corecmd_exec_all_executables(sandbox_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.14/policy/modules/apps/screen.if
--- nsaserefpolicy/policy/modules/apps/screen.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/screen.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/screen.if 2009-06-08 21:43:15.000000000 -0400
@@ -165,3 +165,24 @@
nscd_socket_use($1_screen_t)
')
@@ -4633,7 +4633,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.te serefpolicy-3.6.14/policy/modules/apps/uml.te
--- nsaserefpolicy/policy/modules/apps/uml.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/uml.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/uml.te 2009-06-08 21:43:15.000000000 -0400
@@ -16,14 +16,12 @@
type uml_ro_t;
typealias uml_ro_t alias { user_uml_ro_t staff_uml_ro_t sysadm_uml_ro_t };
@@ -4653,7 +4653,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
typealias uml_tmp_t alias { user_uml_tmp_t staff_uml_tmp_t sysadm_uml_tmp_t };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.6.14/policy/modules/apps/vmware.fc
--- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/vmware.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/vmware.fc 2009-06-08 21:43:15.000000000 -0400
@@ -63,6 +63,7 @@
')
@@ -4664,7 +4664,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.14/policy/modules/apps/vmware.te
--- nsaserefpolicy/policy/modules/apps/vmware.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/vmware.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/vmware.te 2009-06-08 21:43:15.000000000 -0400
@@ -29,6 +29,10 @@
type vmware_host_exec_t;
init_daemon_domain(vmware_host_t, vmware_host_exec_t)
@@ -4755,7 +4755,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
storage_raw_read_removable_device(vmware_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.6.14/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2009-02-16 08:44:12.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/webalizer.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/webalizer.te 2009-06-08 21:43:15.000000000 -0400
@@ -69,7 +69,6 @@
fs_search_auto_mountpoints(webalizer_t)
fs_getattr_xattr_fs(webalizer_t)
@@ -4766,7 +4766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_runtime_files(webalizer_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.6.14/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/apps/wine.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wine.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,21 @@
-/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+/usr/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -4794,7 +4794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/opt/picasa/wine/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.14/policy/modules/apps/wine.if
--- nsaserefpolicy/policy/modules/apps/wine.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/wine.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wine.if 2009-06-08 21:43:15.000000000 -0400
@@ -43,3 +43,63 @@
wine_domtrans($1)
role $2 types wine_t;
@@ -4861,7 +4861,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.14/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/wine.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wine.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,6 +9,7 @@
type wine_t;
type wine_exec_t;
@@ -4894,14 +4894,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.fc serefpolicy-3.6.14/policy/modules/apps/wm.fc
--- nsaserefpolicy/policy/modules/apps/wm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/wm.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wm.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,3 @@
+/usr/bin/twm -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/openbox -- gen_context(system_u:object_r:wm_exec_t,s0)
+/usr/bin/metacity -- gen_context(system_u:object_r:wm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.6.14/policy/modules/apps/wm.if
--- nsaserefpolicy/policy/modules/apps/wm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/wm.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wm.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,108 @@
+## <summary>Window Manager.</summary>
+
@@ -5013,7 +5013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.14/policy/modules/apps/wm.te
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/apps/wm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/apps/wm.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,9 @@
+policy_module(wm,0.0.4)
+
@@ -5026,7 +5026,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+corecmd_executable_file(wm_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.14/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-03-05 10:34:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/corecommands.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/corecommands.fc 2009-06-08 21:43:15.000000000 -0400
@@ -7,6 +7,7 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -5109,7 +5109,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.14/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/corecommands.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/corecommands.if 2009-06-08 21:43:15.000000000 -0400
@@ -893,6 +893,7 @@
read_lnk_files_pattern($1, bin_t, bin_t)
@@ -5120,7 +5120,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.6.14/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/corenetwork.if.in 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/corenetwork.if.in 2009-06-08 21:43:15.000000000 -0400
@@ -1612,6 +1612,24 @@
########################################
@@ -5173,7 +5173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.14/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/corenetwork.te.in 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/corenetwork.te.in 2009-06-08 21:43:15.000000000 -0400
@@ -65,6 +65,7 @@
type server_packet_t, packet_type, server_packet_type;
@@ -5291,8 +5291,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.14/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/devices.fc 2009-06-08 21:21:19.000000000 -0400
-@@ -47,8 +46,10 @@
++++ serefpolicy-3.6.14/policy/modules/kernel/devices.fc 2009-06-08 21:43:15.000000000 -0400
+@@ -47,8 +47,10 @@
/dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
/dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
/dev/kqemu -c gen_context(system_u:object_r:qemu_device_t,s0)
@@ -5305,7 +5305,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.14/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/devices.if 2009-06-08 21:34:49.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/devices.if 2009-06-08 21:43:15.000000000 -0400
@@ -1655,6 +1655,78 @@
########################################
@@ -5475,7 +5475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.14/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/devices.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/devices.te 2009-06-08 21:43:15.000000000 -0400
@@ -84,6 +84,13 @@
dev_node(kmsg_device_t)
@@ -5505,7 +5505,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type lvm_control_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.14/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/domain.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/domain.if 2009-06-08 21:43:15.000000000 -0400
@@ -65,7 +65,8 @@
')
@@ -5598,7 +5598,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.14/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/domain.te 2009-06-08 21:26:28.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/domain.te 2009-06-08 21:43:15.000000000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -5731,7 +5731,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.6.14/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/files.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/files.fc 2009-06-08 21:43:15.000000000 -0400
@@ -8,6 +8,8 @@
/initrd\.img.* -l gen_context(system_u:object_r:boot_t,s0)
/vmlinuz.* -l gen_context(system_u:object_r:boot_t,s0)
@@ -5760,7 +5760,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.14/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/files.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/files.if 2009-06-08 21:43:15.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -6218,7 +6218,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.6.14/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/files.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/files.te 2009-06-08 21:43:15.000000000 -0400
@@ -52,7 +52,9 @@
#
# etc_t is the type of the system etc directories.
@@ -6244,24 +6244,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.6.14/policy/modules/kernel/filesystem.fc
--- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/filesystem.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/filesystem.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1 @@
-# This module currently does not have any file contexts.
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.14/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/filesystem.if 2009-06-08 21:21:19.000000000 -0400
-3341,6 +3342,7 @@
- type tmpfs_t;
- ')
-
-+ dontaudit $1 tmpfs_t:dir rw_dir_perms;
- dontaudit $1 tmpfs_t:file rw_file_perms;
- ')
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.14/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/kernel.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/kernel.if 2009-06-08 21:43:15.000000000 -0400
@@ -157,7 +157,7 @@
type kernel_t;
')
@@ -6405,7 +6394,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.14/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/kernel.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/kernel.te 2009-06-08 21:43:15.000000000 -0400
@@ -63,6 +63,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -6517,237 +6506,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+files_boot(kernel_t)
+
+permissive kernel_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/rwhod.fc serefpolicy-3.6.14/policy/modules/kernel/rwhod.fc
---- nsaserefpolicy/policy/modules/kernel/rwhod.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/rwhod.fc 2009-06-08 21:21:19.000000000 -0400
-@@ -0,0 +1,5 @@
-+
-+/usr/sbin/rwhod -- gen_context(system_u:object_r:rwhod_exec_t,s0)
-+
-+/etc/rc\.d/init\.d/rwhod -- gen_context(system_u:object_r:rwhod_initrc_exec_t,s0)
-+/var/spool/rwho(/.*)? gen_context(system_u:object_r:rwhod_spool_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/rwhod.if serefpolicy-3.6.14/policy/modules/kernel/rwhod.if
---- nsaserefpolicy/policy/modules/kernel/rwhod.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/rwhod.if 2009-06-08 21:21:19.000000000 -0400
-@@ -0,0 +1,164 @@
-+
-+## <summary>policy for rwhod</summary>
-+
-+########################################
-+## <summary>
-+## Execute a domain transition to run rwhod.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed to transition.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_domtrans',`
-+ gen_require(`
-+ type rwhod_t;
-+ type rwhod_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,rwhod_exec_t,rwhod_t)
-+')
-+
-+
-+########################################
-+## <summary>
-+## Execute rwhod server in the rwhod domain.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## The type of the process performing this action.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_initrc_domtrans',`
-+ gen_require(`
-+ type rwhod_initrc_exec_t;
-+ ')
-+
-+ init_labeled_script_domtrans($1,rwhod_initrc_exec_t)
-+')
-+
-+########################################
-+## <summary>
-+## Search rwhod spool directories.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_search_spool',`
-+ gen_require(`
-+ type rwhod_spool_t;
-+ ')
-+
-+ allow $1 rwhod_spool_t:dir search_dir_perms;
-+ files_search_spool($1)
-+')
-+
-+########################################
-+## <summary>
-+## Read rwhod spool files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_read_spool_files',`
-+ gen_require(`
-+ type rwhod_spool_t;
-+ ')
-+
-+ files_search_spool($1)
-+ read_files_pattern($1, rwhod_spool_t rwhod_spool_t)
-+')
-+
-+########################################
-+## <summary>
-+## Create, read, write, and delete
-+## rwhod spool files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_manage_spool_files',`
-+ gen_require(`
-+ type rwhod_spool_t;
-+ ')
-+
-+ files_search_spool($1)
-+ manage_files_pattern($1,rwhod_spool_t,rwhod_spool_t)
-+')
-+
-+########################################
-+## <summary>
-+## Allow domain to manage rwhod spool files
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain to not audit.
-+## </summary>
-+## </param>
-+#
-+interface(`rwhod_manage_spool',`
-+ gen_require(`
-+ type rwhod_spool_t;
-+ ')
-+
-+ manage_dirs_pattern($1,rwhod_spool_t,rwhod_spool_t)
-+ manage_files_pattern($1,rwhod_spool_t,rwhod_spool_t)
-+ manage_lnk_files_pattern($1,rwhod_spool_t,rwhod_spool_t)
-+')
-+
-+
-+########################################
-+## <summary>
-+## All of the rules required to administrate
-+## an rwhod environment
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+## <param name="role">
-+## <summary>
-+## The role to be allowed to manage the rwhod domain.
-+## </summary>
-+## </param>
-+## <param name="terminal">
-+## <summary>
-+## The type of the user terminal.
-+## </summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`rwhod_admin',`
-+ gen_require(`
-+ type rwhod_t;
-+ ')
-+
-+ allow $1 rwhod_t:process { ptrace signal_perms getattr };
-+ read_files_pattern($1, rwhod_t, rwhod_t)
-+
-+
-+ gen_require(`
-+ type rwhod_initrc_exec_t;
-+ ')
-+
-+ # Allow rwhod_t to restart the apache service
-+ rwhod_initrc_domtrans($1)
-+ domain_system_change_exemption($1)
-+ role_transition $2 rwhod_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ rwhod_manage_spool($1)
-+
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/rwhod.te serefpolicy-3.6.14/policy/modules/kernel/rwhod.te
---- nsaserefpolicy/policy/modules/kernel/rwhod.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/rwhod.te 2009-06-08 21:21:19.000000000 -0400
-@@ -0,0 +1,47 @@
-+policy_module(rwhod,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type rwhod_t;
-+type rwhod_exec_t;
-+init_daemon_domain(rwhod_t, rwhod_exec_t)
-+
-+permissive rwhod_t;
-+
-+type rwhod_initrc_exec_t;
-+init_script_file(rwhod_initrc_exec_t)
-+
-+type rwhod_spool_t;
-+files_type(rwhod_spool_t)
-+
-+########################################
-+#
-+# rwhod local policy
-+#
-+
-+allow rwhod self:capability { kill setgid setuid };
-+allow rwhod self:process { fork signal };
-+
-+# Init script handling
-+domain_use_interactive_fds(rwhod_t)
-+
-+# internal communication is often done using fifo and unix sockets.
-+allow rwhod_t self:fifo_file rw_file_perms;
-+allow rwhod_t self:unix_stream_socket create_stream_socket_perms;
-+
-+files_read_etc_files(rwhod_t)
-+
-+miscfiles_read_localization(rwhod_t)
-+
-+
-+allow rwhod_t rwhod_spool_t:dir manage_dir_perms;
-+allow rwhod_t rwhod_spool_t:file manage_file_perms;
-+allow rwhod_t rwhod_spool_t:sock_file manage_sock_file_perms;
-+files_spool_filetrans(rwhod_t,rwhod_spool_t, { file dir sock_file })
-+
-+auth_use_nsswitch(rwhod_t)
-+
-+logging_send_syslog_msg(rwhod_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.6.14/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/selinux.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/selinux.if 2009-06-08 21:43:15.000000000 -0400
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -6807,7 +6568,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.6.14/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2009-03-05 12:28:57.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/storage.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/storage.fc 2009-06-08 21:43:15.000000000 -0400
@@ -57,7 +57,7 @@
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -6819,7 +6580,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.6.14/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/kernel/terminal.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/terminal.fc 2009-06-08 21:43:15.000000000 -0400
@@ -13,6 +13,7 @@
/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
@@ -6830,7 +6591,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/tty -c gen_context(system_u:object_r:devtty_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.14/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-11-11 16:13:41.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/kernel/terminal.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/kernel/terminal.if 2009-06-08 21:43:15.000000000 -0400
@@ -173,7 +173,7 @@
dev_list_all_dev_nodes($1)
@@ -6878,7 +6639,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.6.14/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/roles/guest.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/guest.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,7 +6,7 @@
# Declarations
#
@@ -6904,7 +6665,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_user(guest_u, user, guest_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.14/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/staff.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/staff.te 2009-06-08 21:43:15.000000000 -0400
@@ -15,156 +15,99 @@
# Local policy
#
@@ -7099,7 +6860,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.14/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/sysadm.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/sysadm.if 2009-06-08 21:43:15.000000000 -0400
@@ -116,41 +116,6 @@
########################################
@@ -7144,7 +6905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## requiring the caller to use setexeccon().
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.14/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/sysadm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/sysadm.te 2009-06-08 21:43:15.000000000 -0400
@@ -15,7 +15,7 @@
role sysadm_r;
@@ -7435,7 +7196,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.14/policy/modules/roles/unconfineduser.fc
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,34 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -7473,7 +7234,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.6.14/policy/modules/roles/unconfineduser.if
--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,638 @@
+## <summary>Unconfiend user role</summary>
+
@@ -8115,7 +7876,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.14/policy/modules/roles/unconfineduser.te
--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/unconfineduser.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,403 @@
+policy_module(unconfineduser, 1.0.0)
+
@@ -8522,7 +8283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.14/policy/modules/roles/unprivuser.te
--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/roles/unprivuser.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/unprivuser.te 2009-06-08 21:43:15.000000000 -0400
@@ -14,142 +14,13 @@
userdom_unpriv_user_template(user)
@@ -8671,7 +8432,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.6.14/policy/modules/roles/webadm.te
--- nsaserefpolicy/policy/modules/roles/webadm.te 2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/roles/webadm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/webadm.te 2009-06-08 21:43:15.000000000 -0400
@@ -42,7 +42,7 @@
userdom_dontaudit_search_user_home_dirs(webadm_t)
@@ -8683,7 +8444,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_manage_user_home_content_files(webadm_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.14/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/roles/xguest.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/roles/xguest.te 2009-06-08 21:43:15.000000000 -0400
@@ -67,7 +67,11 @@
')
@@ -8714,7 +8475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.14/policy/modules/services/afs.fc
--- nsaserefpolicy/policy/modules/services/afs.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/afs.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/afs.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0)
@@ -8738,7 +8499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.6.14/policy/modules/services/afs.if
--- nsaserefpolicy/policy/modules/services/afs.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/afs.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/afs.if 2009-06-08 21:43:15.000000000 -0400
@@ -1 +1,110 @@
## <summary>Andrew Filesystem server</summary>
+
@@ -8852,7 +8613,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.14/policy/modules/services/afs.te
--- nsaserefpolicy/policy/modules/services/afs.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/afs.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/afs.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,16 @@
# Declarations
#
@@ -8919,7 +8680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive afs_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.14/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/apache.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/apache.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,12 +1,13 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -9015,7 +8776,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.14/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/apache.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/apache.if 2009-06-08 21:43:15.000000000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -9557,7 +9318,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.14/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/apache.te 2009-06-08 21:26:38.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/apache.te 2009-06-08 21:43:15.000000000 -0400
@@ -19,6 +19,8 @@
# Declarations
#
@@ -10268,7 +10029,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.14/policy/modules/services/apm.te
--- nsaserefpolicy/policy/modules/services/apm.te 2009-02-16 08:44:12.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/apm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/apm.te 2009-06-08 21:43:15.000000000 -0400
@@ -123,6 +123,7 @@
libs_exec_lib_files(apmd_t)
@@ -10279,7 +10040,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_hwdata(apmd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-3.6.14/policy/modules/services/audioentropy.te
--- nsaserefpolicy/policy/modules/services/audioentropy.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/audioentropy.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/audioentropy.te 2009-06-08 21:43:15.000000000 -0400
@@ -40,6 +40,9 @@
# and sample rate.
dev_write_sound(entropyd_t)
@@ -10304,7 +10065,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.14/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/automount.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/automount.if 2009-06-08 21:43:15.000000000 -0400
@@ -109,6 +109,25 @@
########################################
@@ -10333,7 +10094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.14/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/automount.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/automount.te 2009-06-08 21:43:15.000000000 -0400
@@ -71,6 +71,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -10377,7 +10138,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.14/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/avahi.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/avahi.te 2009-06-08 21:43:15.000000000 -0400
@@ -33,6 +33,7 @@
allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms;
@@ -10396,7 +10157,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.14/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/bind.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/bind.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,17 +1,22 @@
/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -10436,7 +10197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.14/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/bind.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/bind.if 2009-06-08 21:43:15.000000000 -0400
@@ -38,6 +38,42 @@
########################################
@@ -10535,7 +10296,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.14/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/bind.te 2009-06-08 21:26:49.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/bind.te 2009-06-08 21:43:15.000000000 -0400
@@ -123,6 +123,7 @@
corenet_sendrecv_dns_client_packets(named_t)
corenet_sendrecv_rndc_server_packets(named_t)
@@ -10555,7 +10316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.6.14/policy/modules/services/bitlbee.te
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/bitlbee.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/bitlbee.te 2009-06-08 21:43:15.000000000 -0400
@@ -75,6 +75,8 @@
# grant read-only access to the user help files
files_read_usr_files(bitlbee_t)
@@ -10567,7 +10328,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(bitlbee_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.14/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/bluetooth.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/bluetooth.te 2009-06-08 21:43:15.000000000 -0400
@@ -152,6 +152,10 @@
optional_policy(`
hal_dbus_chat(bluetooth_t)
@@ -10581,7 +10342,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.6.14/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/clamav.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/clamav.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,20 +1,23 @@
/etc/clamav(/.*)? gen_context(system_u:object_r:clamd_etc_t,s0)
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0)
@@ -10613,7 +10374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.6.14/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/clamav.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/clamav.if 2009-06-08 21:43:15.000000000 -0400
@@ -38,6 +38,27 @@
########################################
@@ -10731,7 +10492,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.14/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/clamav.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/clamav.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,7 +13,10 @@
# configuration files
@@ -10828,7 +10589,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.14/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/consolekit.te 2009-06-08 21:27:01.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/consolekit.te 2009-06-08 21:43:15.000000000 -0400
@@ -11,7 +11,7 @@
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -10905,7 +10666,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.14/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/courier.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/courier.if 2009-06-08 21:43:15.000000000 -0400
@@ -179,6 +179,24 @@
########################################
@@ -10933,7 +10694,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.14/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/courier.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/courier.te 2009-06-08 21:43:15.000000000 -0400
@@ -10,6 +10,7 @@
type courier_etc_t;
@@ -10944,7 +10705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.14/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/cron.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cron.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0)
@@ -10979,7 +10740,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.14/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/cron.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cron.if 2009-06-08 21:43:15.000000000 -0400
@@ -12,6 +12,10 @@
## </param>
#
@@ -11281,7 +11042,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.14/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/cron.te 2009-06-08 21:33:31.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cron.te 2009-06-08 21:43:15.000000000 -0400
@@ -38,6 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -11629,7 +11390,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.14/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/cups.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cups.fc 2009-06-08 21:43:15.000000000 -0400
@@ -5,27 +5,38 @@
/etc/cups/classes\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/cupsd\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -11705,7 +11466,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.6.14/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/cups.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cups.if 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,30 @@
########################################
@@ -11832,7 +11593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.14/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/cups.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cups.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,9 +20,18 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -12273,7 +12034,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.14/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/cvs.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/cvs.te 2009-06-08 21:43:15.000000000 -0400
@@ -112,4 +112,5 @@
read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)
manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)
@@ -12282,7 +12043,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.6.14/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dbus.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dbus.fc 2009-06-08 21:43:15.000000000 -0400
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
@@ -12295,7 +12056,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.14/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dbus.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dbus.if 2009-06-08 21:43:15.000000000 -0400
@@ -44,6 +44,7 @@
attribute session_bus_type;
@@ -12522,7 +12283,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.14/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dbus.te 2009-06-08 21:27:13.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dbus.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,14 +9,15 @@
#
# Delcarations
@@ -12655,7 +12416,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow session_bus_type dbusd_unconfined:dbus send_msg;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.6.14/policy/modules/services/dcc.fc
--- nsaserefpolicy/policy/modules/services/dcc.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/dcc.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dcc.fc 2009-06-08 21:43:15.000000000 -0400
@@ -12,6 +12,8 @@
/var/dcc(/.*)? gen_context(system_u:object_r:dcc_var_t,s0)
@@ -12667,7 +12428,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.14/policy/modules/services/devicekit.fc
--- nsaserefpolicy/policy/modules/services/devicekit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/devicekit.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/devicekit.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,9 @@
+
+/usr/libexec/devkit-daemon -- gen_context(system_u:object_r:devicekit_exec_t,s0)
@@ -12680,7 +12441,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/DeviceKit-disk(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.14/policy/modules/services/devicekit.if
--- nsaserefpolicy/policy/modules/services/devicekit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/devicekit.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/devicekit.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,197 @@
+
+## <summary>policy for devicekit</summary>
@@ -12881,7 +12642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.14/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/devicekit.te 2009-06-08 21:32:42.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/devicekit.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,233 @@
+policy_module(devicekit,1.0.0)
+
@@ -13118,7 +12879,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.6.14/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dhcp.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dhcp.if 2009-06-08 21:43:15.000000000 -0400
@@ -22,6 +22,25 @@
########################################
@@ -13147,7 +12908,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.6.14/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/dnsmasq.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dnsmasq.if 2009-06-08 21:43:15.000000000 -0400
@@ -22,6 +22,25 @@
########################################
@@ -13176,7 +12937,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.14/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/dnsmasq.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dnsmasq.te 2009-06-08 21:43:15.000000000 -0400
@@ -42,8 +42,7 @@
files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
@@ -13204,7 +12965,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.6.14/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dovecot.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dovecot.fc 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,7 @@
/etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0)
@@ -13240,7 +13001,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.14/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dovecot.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dovecot.if 2009-06-08 21:43:15.000000000 -0400
@@ -21,7 +21,46 @@
########################################
@@ -13352,7 +13113,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.14/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/dovecot.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/dovecot.te 2009-06-08 21:43:15.000000000 -0400
@@ -15,12 +15,21 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -13537,7 +13298,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.6.14/policy/modules/services/fail2ban.fc
--- nsaserefpolicy/policy/modules/services/fail2ban.fc 2008-10-08 19:00:27.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/fail2ban.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fail2ban.fc 2009-06-08 21:43:15.000000000 -0400
@@ -2,5 +2,9 @@
/usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -13550,7 +13311,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.6.14/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fail2ban.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fail2ban.if 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,25 @@
########################################
@@ -13588,7 +13349,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $2 system_r;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.6.14/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fail2ban.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fail2ban.te 2009-06-08 21:43:15.000000000 -0400
@@ -17,6 +17,9 @@
type fail2ban_log_t;
logging_log_file(fail2ban_log_t)
@@ -13620,7 +13381,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.14/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fetchmail.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fetchmail.te 2009-06-08 21:43:15.000000000 -0400
@@ -9,6 +9,7 @@
type fetchmail_t;
type fetchmail_exec_t;
@@ -13631,7 +13392,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_pid_file(fetchmail_var_run_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.fc serefpolicy-3.6.14/policy/modules/services/fprintd.fc
--- nsaserefpolicy/policy/modules/services/fprintd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fprintd.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fprintd.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/libexec/fprintd -- gen_context(system_u:object_r:fprintd_exec_t,s0)
@@ -13639,7 +13400,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/fprint(/.*)? gen_context(system_u:object_r:fprintd_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.if serefpolicy-3.6.14/policy/modules/services/fprintd.if
--- nsaserefpolicy/policy/modules/services/fprintd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fprintd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fprintd.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,43 @@
+
+## <summary>policy for fprintd</summary>
@@ -13686,7 +13447,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.14/policy/modules/services/fprintd.te
--- nsaserefpolicy/policy/modules/services/fprintd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/fprintd.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/fprintd.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,52 @@
+policy_module(fprintd,1.0.0)
+
@@ -13742,7 +13503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.14/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ftp.te 2009-06-08 21:32:01.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ftp.te 2009-06-08 21:43:15.000000000 -0400
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -13852,7 +13613,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.14/policy/modules/services/git.te
--- nsaserefpolicy/policy/modules/services/git.te 2009-04-07 15:53:35.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/git.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/git.te 2009-06-08 21:43:15.000000000 -0400
@@ -7,3 +7,4 @@
#
@@ -13860,14 +13621,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive httpd_git_script_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.14/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.14/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,69 @@
+
+## <summary>policy for gnomeclock</summary>
@@ -13940,7 +13701,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.14/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.te 2009-06-08 21:32:07.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gnomeclock.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,49 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -13993,7 +13754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.if serefpolicy-3.6.14/policy/modules/services/gpm.if
--- nsaserefpolicy/policy/modules/services/gpm.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/gpm.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gpm.if 2009-06-08 21:43:15.000000000 -0400
@@ -16,7 +16,7 @@
type gpmctl_t, gpm_t;
')
@@ -14005,7 +13766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.14/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/gpm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gpm.te 2009-06-08 21:43:15.000000000 -0400
@@ -54,6 +54,8 @@
dev_rw_input_dev(gpm_t)
dev_rw_mouse(gpm_t)
@@ -14015,9 +13776,57 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(gpm_t)
fs_search_auto_mountpoints(gpm_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.14/policy/modules/services/gpsd.if
+--- nsaserefpolicy/policy/modules/services/gpsd.if 2009-06-08 15:22:17.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/gpsd.if 2009-06-08 22:05:31.000000000 -0400
+@@ -33,11 +33,6 @@
+ ## The role to be allowed the gpsd domain.
+ ## </summary>
+ ## </param>
+-## <param name="terminal">
+-## <summary>
+-## The type of the role's terminal.
+-## </summary>
+-## </param>
+ #
+ interface(`gpsd_run',`
+ gen_require(`
+@@ -46,7 +41,6 @@
+
+ gpsd_domtrans($1)
+ role $2 types gpsd_t;
+- allow gpsd_t $3:chr_file rw_term_perms;
+ ')
+
+ ########################################
+@@ -70,3 +64,24 @@
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ fs_search_tmpfs($1)
+ ')
++
++########################################
++## <summary>
++## Read/write gpsd tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`gpsd_rw_tmpfs_files',`
++ gen_require(`
++ type gpsd_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ allow $1 gpsd_tmpfs_t:dir list_dir_perms;
++ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.14/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/hal.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/hal.fc 2009-06-08 21:43:15.000000000 -0400
@@ -5,6 +5,7 @@
/usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0)
@@ -14028,7 +13837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.14/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/hal.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/hal.if 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -14156,7 +13965,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.14/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/hal.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/hal.te 2009-06-08 21:43:15.000000000 -0400
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -14346,7 +14155,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive hald_dccm_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.6.14/policy/modules/services/inetd.if
--- nsaserefpolicy/policy/modules/services/inetd.if 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/inetd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/inetd.if 2009-06-08 21:43:15.000000000 -0400
@@ -36,8 +36,7 @@
role system_r types $1;
@@ -14359,7 +14168,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.14/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/kerberos.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/kerberos.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,6 @@
+HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
+/root/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
@@ -14394,7 +14203,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.14/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/kerberos.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/kerberos.if 2009-06-08 21:43:15.000000000 -0400
@@ -70,6 +70,7 @@
interface(`kerberos_use',`
gen_require(`
@@ -14426,7 +14235,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.14/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/kerberos.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/kerberos.te 2009-06-08 21:43:15.000000000 -0400
@@ -33,6 +33,7 @@
type kpropd_t;
type kpropd_exec_t;
@@ -14455,7 +14264,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(kpropd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.14/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/kerneloops.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/kerneloops.if 2009-06-08 21:43:15.000000000 -0400
@@ -63,6 +63,25 @@
########################################
@@ -14500,7 +14309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.14/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/kerneloops.te 2009-06-08 21:32:13.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/kerneloops.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -14542,7 +14351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.14/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ktalk.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ktalk.te 2009-06-08 21:43:15.000000000 -0400
@@ -69,6 +69,7 @@
files_read_etc_files(ktalkd_t)
@@ -14553,7 +14362,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.14/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/lircd.te 2009-06-08 21:32:18.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/lircd.te 2009-06-08 21:43:15.000000000 -0400
@@ -42,7 +42,17 @@
# /dev/lircd socket
manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t)
@@ -14574,7 +14383,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.6.14/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/lpd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/lpd.if 2009-06-08 21:43:15.000000000 -0400
@@ -134,6 +134,7 @@
files_search_spool($1)
manage_dirs_pattern($1, print_spool_t, print_spool_t)
@@ -14585,7 +14394,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.14/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/mailman.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mailman.fc 2009-06-08 21:43:15.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
@@ -14593,7 +14402,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.14/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/mailman.if 2009-06-08 21:33:12.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mailman.if 2009-06-08 21:43:15.000000000 -0400
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -14653,7 +14462,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.14/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/mailman.te 2009-06-08 21:29:58.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mailman.te 2009-06-08 21:43:15.000000000 -0400
@@ -53,10 +53,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -14721,7 +14530,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.14/policy/modules/services/milter.fc
--- nsaserefpolicy/policy/modules/services/milter.fc 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/milter.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/milter.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,8 +1,15 @@
/usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
-/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
@@ -14742,7 +14551,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.14/policy/modules/services/milter.if
--- nsaserefpolicy/policy/modules/services/milter.if 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/milter.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/milter.if 2009-06-08 21:43:15.000000000 -0400
@@ -24,7 +24,7 @@
# Type for the milter data (e.g. the socket used to communicate with the MTA)
@@ -14754,7 +14563,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.14/policy/modules/services/milter.te
--- nsaserefpolicy/policy/modules/services/milter.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/milter.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/milter.te 2009-06-08 21:43:15.000000000 -0400
@@ -63,3 +63,40 @@
# The main job of the milter is to pipe spam through spamc and act on the result
@@ -14798,7 +14607,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.14/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/mta.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mta.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,4 @@
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -14831,7 +14640,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.14/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/mta.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mta.if 2009-06-08 21:43:15.000000000 -0400
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -14935,7 +14744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.14/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/mta.te 2009-06-08 21:30:05.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/mta.te 2009-06-08 21:43:15.000000000 -0400
@@ -27,6 +27,9 @@
type mail_spool_t;
files_mountpoint(mail_spool_t)
@@ -15082,7 +14891,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# User send mail local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.14/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/munin.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/munin.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -15102,7 +14911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.14/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/munin.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/munin.if 2009-06-08 21:43:15.000000000 -0400
@@ -59,8 +59,9 @@
type munin_log_t;
')
@@ -15172,7 +14981,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.14/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/munin.te 2009-06-08 21:30:09.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/munin.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -15308,7 +15117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.14/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/nagios.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nagios.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -15335,7 +15144,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.14/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/nagios.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nagios.if 2009-06-08 21:43:15.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -15457,7 +15266,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.14/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nagios.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nagios.te 2009-06-08 21:43:15.000000000 -0400
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -15555,7 +15364,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.14/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/networkmanager.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/networkmanager.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,12 +1,25 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -15584,7 +15393,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.14/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/networkmanager.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/networkmanager.if 2009-06-08 21:43:15.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -15643,7 +15452,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.14/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/networkmanager.te 2009-06-08 21:30:15.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/networkmanager.te 2009-06-08 21:43:15.000000000 -0400
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -15871,7 +15680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.14/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/nis.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nis.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,9 +1,13 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -15889,7 +15698,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.14/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nis.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nis.if 2009-06-08 21:43:15.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -16069,7 +15878,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.14/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nis.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nis.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -16146,7 +15955,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_all_ports(ypxfr_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.14/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/nscd.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nscd.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
@@ -16154,7 +15963,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.14/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nscd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nscd.if 2009-06-08 21:43:15.000000000 -0400
@@ -58,6 +58,42 @@
########################################
@@ -16279,7 +16088,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.14/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nscd.te 2009-06-08 21:30:21.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nscd.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -16371,7 +16180,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.14/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/ntp.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ntp.if 2009-06-08 21:43:15.000000000 -0400
@@ -37,6 +37,32 @@
########################################
@@ -16472,7 +16281,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.14/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-06-08 15:22:17.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/ntp.te 2009-06-08 21:30:26.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ntp.te 2009-06-08 21:43:15.000000000 -0400
@@ -41,10 +41,11 @@
# sys_resource and setrlimit is for locking memory
@@ -16513,7 +16322,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.14/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/nx.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/nx.te 2009-06-08 21:43:15.000000000 -0400
@@ -25,6 +25,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -16536,7 +16345,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.14/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/oddjob.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/oddjob.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -16545,7 +16354,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.14/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/oddjob.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/oddjob.if 2009-06-08 21:43:15.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -16585,7 +16394,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.14/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/oddjob.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/oddjob.te 2009-06-08 21:43:15.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -16644,7 +16453,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.14/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pads.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pads.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -16660,7 +16469,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.14/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pads.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pads.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,44 @@
+## <summary>SELinux policy for PADS daemon.</summary>
+## <desc>
@@ -16708,7 +16517,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.14/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pads.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pads.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(pads, 0.0.1)
@@ -16777,7 +16586,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.14/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pegasus.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pegasus.te 2009-06-08 21:43:15.000000000 -0400
@@ -30,7 +30,7 @@
# Local policy
#
@@ -16851,7 +16660,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.14/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/polkit.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/polkit.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,11 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -16866,7 +16675,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:polkit_reload_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.14/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/polkit.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/polkit.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,241 @@
+
+## <summary>policy for polkit_auth</summary>
@@ -17111,7 +16920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.14/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/polkit.te 2009-06-08 21:30:32.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/polkit.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,235 @@
+policy_module(polkit_auth, 1.0.0)
+
@@ -17350,7 +17159,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.14/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/portreserve.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/portreserve.te 2009-06-08 21:43:15.000000000 -0400
@@ -37,9 +37,12 @@
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
@@ -17368,7 +17177,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(portreserve_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.14/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/postfix.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postfix.fc 2009-06-08 21:43:15.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -17384,7 +17193,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.14/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/postfix.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postfix.if 2009-06-08 21:43:15.000000000 -0400
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -17619,7 +17428,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.14/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/postfix.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postfix.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -17999,7 +17808,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.14/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/postgresql.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postgresql.fc 2009-06-08 21:43:15.000000000 -0400
@@ -2,6 +2,7 @@
# /etc
#
@@ -18010,7 +17819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /usr
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.14/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2009-05-22 10:28:56.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/postgresql.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postgresql.if 2009-06-08 21:43:15.000000000 -0400
@@ -64,7 +64,7 @@
allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
@@ -18078,7 +17887,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.14/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2009-05-22 10:28:56.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/postgresql.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/postgresql.te 2009-06-08 21:43:15.000000000 -0400
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -18107,7 +17916,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_auth_port(postgresql_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.14/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/ppp.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ppp.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,7 +1,7 @@
#
# /etc
@@ -18130,7 +17939,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# /sbin
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.14/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ppp.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ppp.if 2009-06-08 21:43:15.000000000 -0400
@@ -58,6 +58,25 @@
########################################
@@ -18233,7 +18042,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.14/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ppp.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ppp.te 2009-06-08 21:43:15.000000000 -0400
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -18371,7 +18180,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.14/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/prelude.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/prelude.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,9 @@
+/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
+
@@ -18400,7 +18209,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.14/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/prelude.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/prelude.if 2009-06-08 21:43:15.000000000 -0400
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -18515,7 +18324,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.14/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/prelude.te 2009-06-08 21:30:39.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/prelude.te 2009-06-08 21:43:15.000000000 -0400
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -18786,7 +18595,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mysql_search_db(httpd_prewikka_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.14/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/privoxy.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/privoxy.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -18831,7 +18640,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.14/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/procmail.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/procmail.te 2009-06-08 21:43:15.000000000 -0400
@@ -77,6 +77,7 @@
files_read_usr_files(procmail_t)
@@ -18870,7 +18679,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.14/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pyzor.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pyzor.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -18884,7 +18693,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.14/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pyzor.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pyzor.if 2009-06-08 21:43:15.000000000 -0400
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -18938,7 +18747,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.14/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/pyzor.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/pyzor.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,38 @@
# Declarations
#
@@ -18997,7 +18806,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.14/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/razor.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/razor.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
@@ -19005,7 +18814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.14/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/razor.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/razor.if 2009-06-08 21:43:15.000000000 -0400
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -19054,7 +18863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.14/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2009-01-19 11:07:32.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/razor.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/razor.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,32 @@
# Declarations
#
@@ -19108,7 +18917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.6.14/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/rhgb.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rhgb.te 2009-06-08 21:43:15.000000000 -0400
@@ -118,7 +118,7 @@
xserver_domtrans(rhgb_t)
xserver_signal(rhgb_t)
@@ -19120,7 +18929,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
consoletype_exec(rhgb_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.14/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ricci.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ricci.te 2009-06-08 21:43:15.000000000 -0400
@@ -133,6 +133,8 @@
dev_read_urand(ricci_t)
@@ -19227,7 +19036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ccs_read_config(ricci_modstorage_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.6.14/policy/modules/services/rlogin.fc
--- nsaserefpolicy/policy/modules/services/rlogin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/rlogin.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rlogin.fc 2009-06-08 21:43:15.000000000 -0400
@@ -4,3 +4,5 @@
/usr/lib(64)?/telnetlogin -- gen_context(system_u:object_r:rlogind_exec_t,s0)
@@ -19236,7 +19045,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.if serefpolicy-3.6.14/policy/modules/services/rlogin.if
--- nsaserefpolicy/policy/modules/services/rlogin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/rlogin.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rlogin.if 2009-06-08 21:43:15.000000000 -0400
@@ -18,3 +18,30 @@
corecmd_search_bin($1)
domtrans_pattern($1, rlogind_exec_t, rlogind_t)
@@ -19270,7 +19079,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.14/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/rlogin.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rlogin.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,9 @@
type rlogind_var_run_t;
files_pid_file(rlogind_var_run_t)
@@ -19292,7 +19101,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_read_config(rlogind_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.14/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/rpc.te 2009-06-08 21:31:11.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rpc.te 2009-06-08 21:43:15.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -19397,7 +19206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.14/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/rshd.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rshd.te 2009-06-08 21:43:15.000000000 -0400
@@ -51,7 +51,7 @@
files_list_home(rshd_t)
@@ -19420,7 +19229,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.14/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/rsync.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/rsync.te 2009-06-08 21:43:15.000000000 -0400
@@ -8,6 +8,13 @@
## <desc>
@@ -19457,7 +19266,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_can_read_shadow_passwords(rsync_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.14/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/samba.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/samba.fc 2009-06-08 21:43:15.000000000 -0400
@@ -2,6 +2,9 @@
#
# /etc
@@ -19486,7 +19295,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.14/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/samba.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/samba.if 2009-06-08 21:43:15.000000000 -0400
@@ -4,6 +4,45 @@
## from Windows NT servers.
## </summary>
@@ -19886,7 +19695,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.14/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/samba.te 2009-06-08 21:27:52.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/samba.te 2009-06-08 21:43:15.000000000 -0400
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -20344,7 +20153,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.14/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/sasl.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sasl.te 2009-06-08 21:43:15.000000000 -0400
@@ -99,6 +99,7 @@
optional_policy(`
@@ -20366,7 +20175,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.14/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/sendmail.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sendmail.if 2009-06-08 21:43:15.000000000 -0400
@@ -59,20 +59,20 @@
########################################
@@ -20496,7 +20305,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.14/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/sendmail.te 2009-06-08 21:27:58.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sendmail.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -20670,7 +20479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.14/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
+
@@ -20679,7 +20488,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.14/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.if 2009-06-08 21:43:15.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -20764,7 +20573,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.14/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.te 2009-06-08 21:28:03.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/setroubleshoot.te 2009-06-08 21:43:15.000000000 -0400
@@ -11,6 +11,9 @@
domain_type(setroubleshootd_t)
init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -20853,7 +20662,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_use_script_fds(setroubleshootd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.14/policy/modules/services/shorewall.fc
--- nsaserefpolicy/policy/modules/services/shorewall.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/shorewall.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/shorewall.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
@@ -20869,7 +20678,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.14/policy/modules/services/shorewall.if
--- nsaserefpolicy/policy/modules/services/shorewall.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/shorewall.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/shorewall.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,166 @@
+## <summary>policy for shorewall</summary>
+
@@ -21039,7 +20848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.14/policy/modules/services/shorewall.te
--- nsaserefpolicy/policy/modules/services/shorewall.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/shorewall.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/shorewall.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,102 @@
+policy_module(shorewall,1.0.0)
+
@@ -21145,7 +20954,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.14/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/smartmon.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/smartmon.te 2009-06-08 21:43:15.000000000 -0400
@@ -19,6 +19,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -21205,7 +21014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.6.14/policy/modules/services/snort.if
--- nsaserefpolicy/policy/modules/services/snort.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/snort.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/snort.if 2009-06-08 21:43:15.000000000 -0400
@@ -38,6 +38,7 @@
interface(`snort_admin',`
gen_require(`
@@ -21216,7 +21025,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.6.14/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/snort.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/snort.te 2009-06-08 21:43:15.000000000 -0400
@@ -56,6 +56,7 @@
files_pid_filetrans(snort_t, snort_var_run_t, file)
@@ -21249,7 +21058,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.14/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/spamassassin.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/spamassassin.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,15 +1,25 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -21281,7 +21090,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.14/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/spamassassin.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/spamassassin.if 2009-06-08 21:43:15.000000000 -0400
@@ -111,6 +111,7 @@
')
@@ -21370,7 +21179,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.14/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/spamassassin.te 2009-06-08 21:28:08.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/spamassassin.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,35 @@
## </desc>
gen_tunable(spamd_enable_home_dirs, true)
@@ -21670,7 +21479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.14/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/squid.te 2009-06-08 21:29:27.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/squid.te 2009-06-08 21:43:15.000000000 -0400
@@ -118,6 +118,8 @@
fs_getattr_all_fs(squid_t)
@@ -21691,7 +21500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.6.14/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ssh.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ssh.fc 2009-06-08 21:43:15.000000000 -0400
@@ -14,3 +14,5 @@
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
@@ -21700,7 +21509,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.14/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ssh.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ssh.if 2009-06-08 21:43:15.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -21985,7 +21794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.14/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/ssh.te 2009-06-08 21:29:34.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ssh.te 2009-06-08 21:43:15.000000000 -0400
@@ -41,6 +41,9 @@
files_tmp_file(sshd_tmp_t)
files_poly_parent(sshd_tmp_t)
@@ -22155,7 +21964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.14/policy/modules/services/sssd.fc
--- nsaserefpolicy/policy/modules/services/sssd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/sssd.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sssd.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,6 @@
+
+/usr/sbin/sssd -- gen_context(system_u:object_r:sssd_exec_t,s0)
@@ -22165,7 +21974,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/sss(/.*)? gen_context(system_u:object_r:sssd_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.14/policy/modules/services/sssd.if
--- nsaserefpolicy/policy/modules/services/sssd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/sssd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sssd.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,249 @@
+
+## <summary>policy for sssd</summary>
@@ -22418,7 +22227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.14/policy/modules/services/sssd.te
--- nsaserefpolicy/policy/modules/services/sssd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/sssd.te 2009-06-08 21:28:15.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/sssd.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,72 @@
+policy_module(sssd,1.0.0)
+
@@ -22494,7 +22303,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.6.14/policy/modules/services/tftp.if
--- nsaserefpolicy/policy/modules/services/tftp.if 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/tftp.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/tftp.if 2009-06-08 21:43:15.000000000 -0400
@@ -2,6 +2,24 @@
########################################
@@ -22522,7 +22331,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.6.14/policy/modules/services/ulogd.if
--- nsaserefpolicy/policy/modules/services/ulogd.if 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/ulogd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/ulogd.if 2009-06-08 21:43:15.000000000 -0400
@@ -60,6 +60,25 @@
read_files_pattern($1, ulogd_var_log_t, ulogd_var_log_t)
')
@@ -22551,7 +22360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Allow the specified domain to append to ulogd's log files.
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.14/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/uucp.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/uucp.te 2009-06-08 21:43:15.000000000 -0400
@@ -129,6 +129,7 @@
optional_policy(`
mta_send_mail(uux_t)
@@ -22562,7 +22371,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.fc serefpolicy-3.6.14/policy/modules/services/varnishd.fc
--- nsaserefpolicy/policy/modules/services/varnishd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/varnishd.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/varnishd.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,20 @@
+
+/etc/rc\.d/init\.d/varnish -- gen_context(system_u:object_r:varnishd_initrc_exec_t,s0)
@@ -22586,7 +22395,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.6.14/policy/modules/services/varnishd.if
--- nsaserefpolicy/policy/modules/services/varnishd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/varnishd.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/varnishd.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,202 @@
+## <summary>Varnishd http accelerator daemon</summary>
+
@@ -22792,7 +22601,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.te serefpolicy-3.6.14/policy/modules/services/varnishd.te
--- nsaserefpolicy/policy/modules/services/varnishd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/varnishd.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/varnishd.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,137 @@
+policy_module(varnishd,1.0.0)
+
@@ -22933,7 +22742,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive varnishlog_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.14/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/virt.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/virt.fc 2009-06-08 21:43:15.000000000 -0400
@@ -8,5 +8,16 @@
/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
@@ -22953,7 +22762,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.14/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/virt.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/virt.if 2009-06-08 21:43:15.000000000 -0400
@@ -2,28 +2,6 @@
########################################
@@ -23117,7 +22926,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.14/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/virt.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/virt.te 2009-06-08 21:43:15.000000000 -0400
@@ -8,19 +8,31 @@
## <desc>
@@ -23438,7 +23247,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.6.14/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/w3c.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/w3c.te 2009-06-08 21:43:15.000000000 -0400
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -23460,7 +23269,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.14/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/xserver.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/xserver.fc 2009-06-08 21:43:15.000000000 -0400
@@ -3,12 +3,16 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -23530,7 +23339,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.14/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/xserver.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/xserver.if 2009-06-08 21:43:15.000000000 -0400
@@ -90,7 +90,7 @@
allow $2 xauth_home_t:file manage_file_perms;
allow $2 xauth_home_t:file { relabelfrom relabelto };
@@ -24180,7 +23989,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.14/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/services/xserver.te 2009-06-08 21:32:28.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/xserver.te 2009-06-08 21:43:15.000000000 -0400
@@ -34,6 +34,13 @@
## <desc>
@@ -24911,7 +24720,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.6.14/policy/modules/services/zosremote.if
--- nsaserefpolicy/policy/modules/services/zosremote.if 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/services/zosremote.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/services/zosremote.if 2009-06-08 21:43:15.000000000 -0400
@@ -12,7 +12,7 @@
#
interface(`zosremote_domtrans',`
@@ -24923,7 +24732,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.6.14/policy/modules/system/application.if
--- nsaserefpolicy/policy/modules/system/application.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/application.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/application.if 2009-06-08 21:43:15.000000000 -0400
@@ -2,7 +2,7 @@
########################################
@@ -24957,7 +24766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.6.14/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/application.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/application.te 2009-06-08 21:43:15.000000000 -0400
@@ -7,8 +7,18 @@
# Executables to be run by user
attribute application_exec_type;
@@ -24979,7 +24788,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.14/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/authlogin.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/authlogin.fc 2009-06-08 21:43:15.000000000 -0400
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -25008,7 +24817,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.14/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/authlogin.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/authlogin.if 2009-06-08 21:43:15.000000000 -0400
@@ -43,22 +43,42 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -25357,7 +25166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.14/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/authlogin.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/authlogin.te 2009-06-08 21:43:15.000000000 -0400
@@ -12,7 +12,7 @@
type chkpwd_t, can_read_shadow_passwords;
@@ -25439,7 +25248,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mls_file_read_all_levels(pam_console_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.14/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/fstools.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/fstools.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -25455,7 +25264,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.6.14/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/fstools.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/fstools.te 2009-06-08 21:43:15.000000000 -0400
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -25486,7 +25295,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.6.14/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/hostname.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/hostname.te 2009-06-08 21:43:15.000000000 -0400
@@ -8,7 +8,9 @@
type hostname_t;
@@ -25500,7 +25309,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.14/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/init.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/init.fc 2009-06-08 21:43:15.000000000 -0400
@@ -4,10 +4,10 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -25525,7 +25334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.14/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/init.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/init.if 2009-06-08 21:43:15.000000000 -0400
@@ -174,6 +174,7 @@
role system_r types $1;
@@ -25736,7 +25545,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.14/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/init.te 2009-06-08 21:28:43.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/init.te 2009-06-08 21:43:15.000000000 -0400
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart,false)
@@ -26116,7 +25925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.14/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/ipsec.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/ipsec.te 2009-06-08 21:43:15.000000000 -0400
@@ -55,7 +55,7 @@
allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -26185,7 +25994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ipsec_setcontext_default_spd(setkey_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.14/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/iptables.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/iptables.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,9 +1,10 @@
-/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
@@ -26204,7 +26013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.14/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/iptables.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/iptables.te 2009-06-08 21:43:15.000000000 -0400
@@ -53,6 +53,7 @@
mls_file_read_all_levels(iptables_t)
@@ -26215,7 +26024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.14/policy/modules/system/iscsi.if
--- nsaserefpolicy/policy/modules/system/iscsi.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/iscsi.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/iscsi.if 2009-06-08 21:43:15.000000000 -0400
@@ -17,3 +17,43 @@
domtrans_pattern($1,iscsid_exec_t,iscsid_t)
@@ -26262,7 +26071,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.14/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/iscsi.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/iscsi.te 2009-06-08 21:43:15.000000000 -0400
@@ -55,6 +55,7 @@
files_pid_filetrans(iscsid_t,iscsi_var_run_t,file)
@@ -26282,7 +26091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(iscsid_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.14/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/libraries.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/libraries.fc 2009-06-08 21:43:15.000000000 -0400
@@ -60,12 +60,15 @@
#
# /opt
@@ -26482,7 +26291,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/ICAClient/.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.6.14/policy/modules/system/libraries.if
--- nsaserefpolicy/policy/modules/system/libraries.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/libraries.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/libraries.if 2009-06-08 21:43:15.000000000 -0400
@@ -60,7 +60,7 @@
type lib_t, ld_so_t, ld_so_cache_t;
')
@@ -26512,7 +26321,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mmap_files_pattern($1,lib_t,{ lib_t textrel_shlib_t })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.14/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2009-06-08 15:22:18.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/libraries.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/libraries.te 2009-06-08 21:43:15.000000000 -0400
@@ -52,11 +52,11 @@
# ldconfig local policy
#
@@ -26571,7 +26380,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.14/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/locallogin.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/locallogin.te 2009-06-08 21:43:15.000000000 -0400
@@ -67,6 +67,7 @@
dev_setattr_power_mgmt_dev(local_login_t)
dev_getattr_sound_dev(local_login_t)
@@ -26660,7 +26469,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.14/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/logging.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/logging.fc 2009-06-08 21:43:15.000000000 -0400
@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -26686,7 +26495,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.14/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/logging.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/logging.if 2009-06-08 21:43:15.000000000 -0400
@@ -623,7 +623,7 @@
')
@@ -26707,7 +26516,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.14/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/logging.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/logging.te 2009-06-08 21:43:15.000000000 -0400
@@ -126,7 +126,7 @@
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file rw_file_perms;
@@ -26802,7 +26611,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.6.14/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/lvm.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/lvm.te 2009-06-08 21:43:15.000000000 -0400
@@ -10,6 +10,9 @@
type clvmd_exec_t;
init_daemon_domain(clvmd_t, clvmd_exec_t)
@@ -26891,7 +26700,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
modutils_domtrans_insmod(lvm_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.14/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-03-20 12:39:40.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/miscfiles.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/miscfiles.if 2009-06-08 21:43:15.000000000 -0400
@@ -87,6 +87,25 @@
########################################
@@ -26920,7 +26729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.6.14/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/modutils.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/modutils.te 2009-06-08 21:43:15.000000000 -0400
@@ -42,7 +42,7 @@
# insmod local policy
#
@@ -27035,7 +26844,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.6.14/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/mount.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/mount.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,9 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -27049,7 +26858,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.14/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/mount.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/mount.if 2009-06-08 21:43:15.000000000 -0400
@@ -43,9 +43,11 @@
mount_domtrans($1)
@@ -27087,7 +26896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.14/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/mount.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/mount.te 2009-06-08 21:43:15.000000000 -0400
@@ -18,17 +18,22 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -27313,7 +27122,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.14/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.fc 2009-06-08 21:43:15.000000000 -0400
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -27354,7 +27163,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.14/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.if 2009-06-08 21:43:15.000000000 -0400
@@ -535,6 +535,53 @@
########################################
@@ -27745,7 +27554,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.14/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.te 2009-06-08 21:32:55.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/selinuxutil.te 2009-06-08 21:43:15.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -28111,7 +27920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.6.14/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/setrans.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/setrans.if 2009-06-08 21:43:15.000000000 -0400
@@ -21,3 +21,23 @@
stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
files_list_pids($1)
@@ -28138,7 +27947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.14/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.fc 2009-06-08 21:43:15.000000000 -0400
@@ -11,15 +11,20 @@
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -28169,7 +27978,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.14/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.if 2009-06-08 21:43:15.000000000 -0400
@@ -43,6 +43,39 @@
sysnet_domtrans_dhcpc($1)
@@ -28340,7 +28149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.14/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/sysnetwork.te 2009-06-08 21:43:15.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -28528,7 +28337,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.14/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/udev.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/udev.te 2009-06-08 21:43:15.000000000 -0400
@@ -50,6 +50,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -28589,7 +28398,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
xen_manage_log(udev_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.6.14/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.6.14/policy/modules/system/unconfined.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/unconfined.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,16 +1 @@
# Add programs here which should not be confined by SELinux
-# e.g.:
@@ -28609,7 +28418,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.14/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/unconfined.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/unconfined.if 2009-06-08 21:43:15.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -29105,7 +28914,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.6.14/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/unconfined.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/unconfined.te 2009-06-08 21:43:15.000000000 -0400
@@ -1,231 +1,9 @@
-policy_module(unconfined, 3.0.0)
@@ -29342,7 +29151,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.14/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/userdomain.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/userdomain.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,4 +1,7 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -29354,7 +29163,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.14/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/userdomain.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/userdomain.if 2009-06-08 21:43:15.000000000 -0400
@@ -30,8 +30,9 @@
')
@@ -31313,7 +31122,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.14/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/userdomain.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/userdomain.te 2009-06-08 21:43:15.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -31401,12 +31210,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow userdomain userdomain:process signull;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.fc serefpolicy-3.6.14/policy/modules/system/virtual.fc
--- nsaserefpolicy/policy/modules/system/virtual.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/virtual.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/virtual.fc 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.if serefpolicy-3.6.14/policy/modules/system/virtual.if
--- nsaserefpolicy/policy/modules/system/virtual.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/virtual.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/virtual.if 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,119 @@
+## <summary>Virtual machine emulator and virtualizer</summary>
+
@@ -31529,7 +31338,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.14/policy/modules/system/virtual.te
--- nsaserefpolicy/policy/modules/system/virtual.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/virtual.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/virtual.te 2009-06-08 21:43:15.000000000 -0400
@@ -0,0 +1,79 @@
+
+policy_module(virtualization, 1.1.2)
@@ -31612,7 +31421,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.6.14/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/xen.fc 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/xen.fc 2009-06-08 21:43:15.000000000 -0400
@@ -1,32 +1,31 @@
/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
@@ -31654,7 +31463,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.6.14/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/xen.if 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/xen.if 2009-06-08 21:43:15.000000000 -0400
@@ -71,6 +71,8 @@
')
@@ -31729,7 +31538,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.14/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.14/policy/modules/system/xen.te 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/modules/system/xen.te 2009-06-08 21:43:15.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -32026,7 +31835,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/ipc_patterns.spt serefpolicy-3.6.14/policy/support/ipc_patterns.spt
--- nsaserefpolicy/policy/support/ipc_patterns.spt 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/support/ipc_patterns.spt 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/support/ipc_patterns.spt 2009-06-08 21:43:15.000000000 -0400
@@ -3,12 +3,12 @@
#
define(`stream_connect_pattern',`
@@ -32044,7 +31853,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.14/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.14/policy/support/obj_perm_sets.spt 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/support/obj_perm_sets.spt 2009-06-08 21:43:15.000000000 -0400
@@ -201,7 +201,7 @@
define(`setattr_file_perms',`{ setattr }')
define(`read_file_perms',`{ getattr open read lock ioctl }')
@@ -32079,7 +31888,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.14/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.14/policy/users 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/policy/users 2009-06-08 21:43:15.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -32106,7 +31915,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.6.14/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/Rules.modular 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/Rules.modular 2009-06-08 21:43:15.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -32138,7 +31947,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rul
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.6.14/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-11-11 16:13:50.000000000 -0500
-+++ serefpolicy-3.6.14/support/Makefile.devel 2009-06-08 21:21:19.000000000 -0400
++++ serefpolicy-3.6.14/support/Makefile.devel 2009-06-08 21:43:15.000000000 -0400
@@ -185,8 +185,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
diff --git a/sources b/sources
index 0af380e..e9af33e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-4872394e39e63a985e3463ca443567cc serefpolicy-3.6.13.tgz
+8194456ed5e1f5fb82691570b6cb053c serefpolicy-3.6.14.tgz