From 6a2c4d3da7b9411067c3c7a210e4033fc6ce246d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 24 2008 21:07:37 +0000 Subject: - Fix certwatch creating cache --- diff --git a/policy-20080710.patch b/policy-20080710.patch index 1bb1028..50e9ce4 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -577,16 +577,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol cron_search_spool(logrotate_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.5.13/policy/modules/admin/logwatch.te --- nsaserefpolicy/policy/modules/admin/logwatch.te 2008-10-17 08:49:14.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/admin/logwatch.te 2008-11-24 10:49:49.000000000 -0500 -@@ -43,6 +43,7 @@ ++++ serefpolicy-3.5.13/policy/modules/admin/logwatch.te 2008-11-24 11:54:20.000000000 -0500 +@@ -43,6 +43,8 @@ kernel_read_fs_sysctls(logwatch_t) kernel_read_kernel_sysctls(logwatch_t) kernel_read_system_state(logwatch_t) ++kernel_read_network_state(logwatch_t) +kernel_read_net_sysctls(logwatch_t) corecmd_exec_bin(logwatch_t) corecmd_exec_shell(logwatch_t) -@@ -54,18 +55,19 @@ +@@ -54,18 +56,19 @@ domain_read_all_domains_state(logwatch_t) files_list_var(logwatch_t) @@ -609,7 +610,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_dontaudit_getattr_pty_dirs(logwatch_t) term_dontaudit_list_ptys(logwatch_t) -@@ -87,6 +89,7 @@ +@@ -87,6 +90,7 @@ selinux_dontaudit_getattr_dir(logwatch_t) sysnet_dns_name_resolve(logwatch_t) @@ -617,7 +618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol mta_send_mail(logwatch_t) -@@ -131,4 +134,5 @@ +@@ -131,4 +135,5 @@ optional_policy(` samba_read_log(logwatch_t) 
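Review bot: The added `kernel_read_network_state(logwatch_t)` in the logwatch.te section widens what logwatch_t can read from the kernel, but neither the commit subject nor the %changelog entry ("Fix certwatch creating cache") mentions it. The same gap applies to the iptables.te hunk later in this patch, which replaces the directory-only allow rule with `manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)`. The surrounding context lines show logwatch_t can already execute shells and read every domain's state, so each further grant is worth recording together with the denial that motivated it. I would add changelog lines such as `- Allow logwatch to read network state` and `- Allow iptables to manage files labelled iptables_var_run_t`.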
@@ -28556,7 +28557,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.5.13/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2008-10-17 08:49:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/authlogin.if 2008-11-24 10:49:49.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/system/authlogin.if 2008-11-24 16:05:46.000000000 -0500 @@ -56,10 +56,6 @@ miscfiles_read_localization($1_chkpwd_t) @@ -28799,7 +28800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ') -@@ -1491,3 +1586,79 @@ +@@ -1491,3 +1586,81 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') @@ -28876,7 +28877,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + type auth_cache_t; + ') + -+ files_var_filetrans($1,auth_cache_t,file) ++ manage_files_pattern($1, auth_cache_t, auth_cache_t) ++ manage_dirs_pattern($1, auth_cache_t, auth_cache_t) ++ files_var_filetrans($1,auth_cache_t,{ file dir } ) +') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.5.13/policy/modules/system/authlogin.te 
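Review bot: The three lines added at the end of this authlogin.if interface turn what reads as a type-transition helper into a grant of full manage rights on every auth_cache_t file and directory, and that should be split out or at least documented. The interface header and its `<summary>` are outside the hunk, so its intended purpose is inferred from the single `files_var_filetrans` call it had before. The file-context line visible earlier in this patch also labels `/var/cache/coolkey(/.*)?` as auth_cache_t, so any caller (certwatch, going by the commit subject) gains create, write and delete access to that shared cache too. Widening the transition to `{ file dir }` further means any directory the caller creates directly inside a var_t directory is labelled auth_cache_t. I would keep this interface to `files_var_filetrans($1, auth_cache_t, { file dir })` and move the two `manage_*_pattern` lines into a dedicated manage interface, or else update the `<summary>` to state that manage access is granted.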
@@ -29653,7 +29656,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow setkey_t ipsec_conf_file_t:dir list_dir_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.5.13/policy/modules/system/iptables.te --- nsaserefpolicy/policy/modules/system/iptables.te 2008-10-17 08:49:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/iptables.te 2008-11-24 10:49:49.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/system/iptables.te 2008-11-24 14:40:10.000000000 -0500 +@@ -27,7 +27,7 @@ + allow iptables_t self:process { sigchld sigkill sigstop signull signal }; + allow iptables_t self:rawip_socket create_socket_perms; + +-allow iptables_t iptables_var_run_t:dir rw_dir_perms; ++manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t) + files_pid_filetrans(iptables_t,iptables_var_run_t,file) + + can_exec(iptables_t,iptables_exec_t) @@ -53,6 +53,7 @@ mls_file_read_all_levels(iptables_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 4fbc16a..29a315b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 23%{?dist} +Release: 24%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -457,6 +457,9 @@ exit 0 %endif %changelog +* Mon Nov 24 2008 Dan Walsh 3.5.13-24 +- Fix certwatch creating cache + * Mon Nov 24 2008 Dan Walsh 3.5.13-23 - Add afs_client port definition