From d7e78f31ead6e74cf355fd6abca5c28c84cd05af Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Jul 14 2008 20:37:57 +0000
Subject: - Allow unconfined_t to setfcap

- Allow spamassassin to read razor lib files

---

diff --git a/policy-20071130.patch b/policy-20071130.patch
index 8320efc..abc75ee 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -17192,7 +17192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.3.1/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2008-07-11 14:36:19.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2008-07-14 16:33:45.000000000 -0400
 @@ -16,6 +16,7 @@
  type kadmind_t;
  type kadmind_exec_t;
@@ -17298,13 +17298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
  allow krb5kdc_t self:netlink_route_socket r_netlink_socket_perms;
  allow krb5kdc_t self:tcp_socket create_stream_socket_perms;
  allow krb5kdc_t self:udp_socket create_socket_perms;
-@@ -160,11 +182,13 @@
- allow krb5kdc_t krb5_conf_t:file read_file_perms;
- dontaudit krb5kdc_t krb5_conf_t:file write;
- 
--can_exec(krb5kdc_t, krb5kdc_exec_t)
-+qcan_exec(krb5kdc_t, krb5kdc_exec_t)
- 
+@@ -165,6 +187,8 @@
  read_files_pattern(krb5kdc_t,krb5kdc_conf_t,krb5kdc_conf_t)
  dontaudit krb5kdc_t krb5kdc_conf_t:file write;
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1ba8e12..9a8311e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 77%{?dist}
+Release: 78%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,9 +385,13 @@ exit 0
 %endif
 
 %changelog
+* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-78
+- Allow unconfined_t to setfcap
+- Allow spamassassin to read razor lib files
+
 * Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-77
 - Allow amanda to read tape
-- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
+- Allow prewikka cgi to use syslog, allow prelude_ausisp to signal audisp_t 
 - Add support for netware file systems
 
 * Thu Jul 3 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-76