From 8a34565bae72e2db702a4db75b8f76e446d8bd75 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: May 30 2008 14:43:33 +0000
Subject: - Allow policykit_resolve to ptrace user processes


---

diff --git a/policy-20071130.patch b/policy-20071130.patch
index 023d72e..09f454b 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -19725,8 +19725,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2008-05-30 09:28:55.242962000 -0400
-@@ -0,0 +1,214 @@
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2008-05-30 10:28:34.023521000 -0400
+@@ -0,0 +1,215 @@
 +policy_module(polkit_auth,1.0.0)
 +
 +########################################
@@ -19928,6 +19928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +
 +logging_send_syslog_msg(polkit_resolve_t)
 +userdom_read_all_users_state(polkit_resolve_t)
++userdom_ptrace_all_users(polkit_resolve_t)
 +
 +optional_policy(`
 +	dbus_system_bus_client_template(polkit_resolve, polkit_resolve_t)
@@ -33289,7 +33290,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-26 08:23:09.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-05-29 12:12:15.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-05-30 10:42:18.613335000 -0400
 @@ -29,9 +29,14 @@
  	')
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 2d41eb2..874eee4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 61%{?dist}
+Release: 62%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,9 @@ exit 0
 %endif
 
 %changelog
+* Fri May 30 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-62
+- Allow policykit_resolve to ptrace user processes
+
 * Fri May 30 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-61
 - Allow policykit_resolve to read users process table