-@@ -962,11 +1017,58 @@
+@@ -962,11 +1023,58 @@
##
##
#
@@ -11026,7 +11099,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
-@@ -976,25 +1078,11 @@
+@@ -976,25 +1084,11 @@
# Inherit rules for ordinary users.
userdom_common_user_template($1)
@@ -11052,7 +11125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
# Need the following rule to allow users to run vpnc
-@@ -1033,14 +1121,6 @@
+@@ -1033,14 +1127,6 @@
')
optional_policy(`
@@ -11067,7 +11140,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
')
-@@ -1054,17 +1134,6 @@
+@@ -1054,17 +1140,6 @@
setroubleshoot_stream_connect($1_t)
')
@@ -11085,7 +11158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
-@@ -1102,6 +1171,8 @@
+@@ -1102,6 +1177,8 @@
class passwd { passwd chfn chsh rootok crontab };
')
@@ -11094,7 +11167,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
# Declarations
-@@ -1127,7 +1198,7 @@
+@@ -1127,7 +1204,7 @@
# $1_t local policy
#
@@ -11103,7 +11176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
-@@ -1139,7 +1210,11 @@
+@@ -1139,7 +1216,11 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -11116,7 +11189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
-@@ -1902,6 +1977,41 @@
+@@ -1902,6 +1983,41 @@
########################################
##