diff --git a/policy-20080509.patch b/policy-20080509.patch index f146309..8b5d4b7 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -284,7 +284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.4.2/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2008-06-12 23:25:08.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/admin/amanda.te 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/admin/amanda.te 2008-07-07 11:14:20.000000000 -0400 @@ -82,8 +82,9 @@ allow amanda_t amanda_config_t:file { getattr read }; @@ -297,7 +297,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. # access to amanda_dumpdates_t allow amanda_t amanda_dumpdates_t:file { getattr lock read write }; -@@ -220,6 +221,7 @@ +@@ -146,6 +147,8 @@ + fs_list_all(amanda_t) + + storage_raw_read_fixed_disk(amanda_t) ++storage_read_tape(amanda_t) ++storage_write_tape(amanda_t) + + # Added for targeted policy + term_use_unallocated_ttys(amanda_t) +@@ -220,6 +223,7 @@ auth_use_nsswitch(amanda_recover_t) fstools_domtrans(amanda_t) @@ -1460,7 +1469,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ####################################### diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.4.2/policy/modules/admin/sudo.if --- nsaserefpolicy/policy/modules/admin/sudo.if 2008-06-12 23:25:08.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/admin/sudo.if 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/admin/sudo.if 2008-07-07 11:49:07.000000000 -0400 @@ -55,7 +55,7 @@ # 
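Review bot: The amanda.te hunk at `@@ -146,6 +147,8 @@` adds `storage_write_tape(amanda_t)` alongside `storage_read_tape(amanda_t)`, but the changelog entry added to selinux-policy.spec in this commit only says "Allow amanda to read tape". Anyone auditing policy changes from the changelog would miss that amanda_t, which already has `storage_raw_read_fixed_disk`, also gains write access to tape devices. I would change the changelog line to `- Allow amanda to read and write tape` and add a short comment above the two calls, for example `# backups are written to and verified from tape devices`. The amanda_t rule block starts and ends outside this hunk.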
@@ -1510,7 +1519,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if domain_use_interactive_fds($1_sudo_t) domain_sigchld_interactive_fds($1_sudo_t) -@@ -106,32 +108,49 @@ +@@ -106,32 +108,50 @@ files_getattr_usr_files($1_sudo_t) # for some PAM modules and for cwd files_dontaudit_search_home($1_sudo_t) @@ -1549,6 +1558,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if # for some PAM modules and for cwd + sysadm_search_home_content_dirs($1_sudo_t) userdom_dontaudit_search_all_users_home_content($1_sudo_t) ++ userdom_manage_all_users_keys($1_sudo_t) - ifdef(`TODO',` - # for when the network connection is killed @@ -7375,7 +7385,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.4.2/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-06-12 23:25:02.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.te 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/kernel/filesystem.te 2008-07-07 12:19:45.000000000 -0400 @@ -21,7 +21,6 @@ # Use xattrs for the following filesystem types. 
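Review bot: The new `userdom_manage_all_users_keys($1_sudo_t)` line in the sudo.if hunk at `@@ -1549,6 +1558,7 @@` is a broad grant with no comment explaining why it is needed. It sits in a per-role template, so every sudo domain derived from it gets the access. Judging by the interface name (its body is not visible here), that access is management of every user's kernel keys, not only those of the invoking or target user. Please add a why-comment naming the sudo or PAM operation that triggered the denial, and check whether an interface scoped to the calling user's keys would be enough. If the denial is only noise, a dontaudit rule in the style of the neighbouring `userdom_dontaudit_search_all_users_home_content($1_sudo_t)` would avoid widening the domain. The template body starts and ends outside the hunk.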
@@ -7396,6 +7406,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy type eventpollfs_t; fs_type(eventpollfs_t) # change to task SID 20060628 +@@ -241,6 +245,7 @@ + genfscon lustre / gen_context(system_u:object_r:nfs_t,s0) + genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0) + genfscon panfs / gen_context(system_u:object_r:nfs_t,s0) ++genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0) + + ######################################## + # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.4.2/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-06-12 23:25:03.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/kernel/kernel.if 2008-07-02 08:47:04.000000000 -0400 @@ -21376,7 +21394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.4.2/policy/modules/services/prelude.te --- nsaserefpolicy/policy/modules/services/prelude.te 2008-06-12 23:25:06.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/services/prelude.te 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/services/prelude.te 2008-07-07 11:27:54.000000000 -0400 @@ -19,12 +19,31 @@ type prelude_var_lib_t; files_type(prelude_var_lib_t) @@ -21520,12 +21538,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel ######################################## # # prewikka_cgi Declarations -@@ -135,6 +234,10 @@ +@@ -135,6 +234,12 @@ apache_content_template(prewikka) files_read_etc_files(httpd_prewikka_script_t) + auth_use_nsswitch(httpd_prewikka_script_t) + ++ logging_send_syslog_msg(httpd_prewikka_script_t) ++ + can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t) + optional_policy(` 
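Review bot: The added `genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)` in the filesystem.te hunk at `@@ -241,6 +245,7 @@` gives every file on a NetWare mount the `nfs_t` type. Every domain and tunable that currently allows access to NFS content will therefore apply to ncpfs mounts as well, and AVC records will not distinguish the two. That matches the neighbouring lustre, reiserfs and panfs lines, so it may be intended, but it deserves a comment on the group such as `# network/cluster filesystems without per-file labels share nfs_t; access is governed by the NFS rules`. If NetWare shares need different confinement from NFS, a dedicated type would be the place to draw that line.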
@@ -28282,7 +28302,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.4.2/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2008-06-12 23:25:07.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/system/authlogin.if 2008-07-02 08:47:05.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/system/authlogin.if 2008-07-07 11:48:48.000000000 -0400 @@ -56,10 +56,6 @@ miscfiles_read_localization($1_chkpwd_t) @@ -29779,7 +29799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.4.2/policy/modules/system/logging.if --- nsaserefpolicy/policy/modules/system/logging.if 2008-06-12 23:25:07.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/system/logging.if 2008-07-02 08:55:06.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/system/logging.if 2008-07-07 11:43:15.000000000 -0400 @@ -213,12 +213,7 @@ ## # @@ -29884,7 +29904,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') ######################################## -@@ -771,6 +803,131 @@ +@@ -771,6 +803,132 @@ ## # interface(`logging_admin',` @@ -29995,6 +30015,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + role system_r types $1; + + domtrans_pattern(audisp_t,$2,$1) ++ allow $1 audisp_t:process signal; + + allow audisp_t $2:file getattr; + allow $1 audisp_t:unix_stream_socket rw_socket_perms; 
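Review bot: The rule added in the logging.if hunk at `@@ -29995,6 +30015,7 @@`, `allow $1 audisp_t:process signal;`, grants the signal permission in the opposite direction from what the changelog describes ("allow audisp_t to signal cgi"). The preceding `domtrans_pattern(audisp_t,$2,$1)` shows that audisp_t is the parent and `$1` is the domain entered by the transition, so as written the child domain may send signals to the audit dispatcher. If the intent is for the dispatcher to stop or reload the process it started, the line should read `allow audisp_t $1:process signal;`. Letting the child signal audisp_t is worth avoiding unless it is required, because a misbehaving child could then interrupt audit event dispatch. The enclosing interface begins and ends outside the hunk, so I cannot see whether another rule already covers the audisp_t-to-`$1` direction.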
@@ -33457,7 +33478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-02 08:47:05.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-07 11:47:08.000000000 -0400 @@ -28,10 +28,14 @@ class context contains; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 7ed64bb..843adf6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.4.2 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -375,6 +375,11 @@ exit 0 %endif %changelog +* Mon Jul 7 2008 Dan Walsh 3.4.2-12 +- Allow amanda to read tape +- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi +- Add support for netware file systems + * Thu Jul 3 2008 Dan Walsh 3.4.2-11 - Allow ypbind apps to net_bind_service