From 75093bd9956986bd1c4795adb2a784faa386ad2b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Dec 04 2008 21:33:45 +0000
Subject: - Turn off nsplugin transition, by default

- Allow httpd_sys_script_t to communicate with postgresql

---

diff --git a/policy-20080710.patch b/policy-20080710.patch
index 0136f5e..e5b0ce7 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -32999,7 +32999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-02 14:58:41.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-04 16:32:18.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -35181,7 +35181,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5667,584 @@
+@@ -5513,3 +5667,601 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -35766,6 +35766,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +	allow $1 user_home_t:file execmod;
 +')
++########################################
++## <summary>
++##	dontaudit list /root
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_dontaudit_list_admin_dir',`
++	gen_require(`
++		type admin_home_t;
++	')
++
++	dontaudit $1 admin_home_t:dir list_dir_perms;
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-10-17 08:49:13.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2008-12-02 16:09:55.000000000 -0500
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e635195..6f7daed 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -459,6 +459,10 @@ exit 0
 %endif
 
 %changelog
+* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-32
+- Turn off nsplugin transition, by default
+- Allow httpd_sys_script_t to communicate with postgresql
+
 * Wed Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-30
 - Allow nsplugin to list gconf_home_t directory