diff --git a/policy-20090521.patch b/policy-20090521.patch
index 3075ff7..a7a6e32 100644
--- a/policy-20090521.patch
+++ b/policy-20090521.patch
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-3.6.12/man/man8/nfs_selinux.8
---- nsaserefpolicy/man/man8/nfs_selinux.8 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/man/man8/nfs_selinux.8 2009-11-19 10:29:57.000000000 +0100
+--- nsaserefpolicy/man/man8/nfs_selinux.8 2010-01-19 12:51:11.885608081 +0100
++++ serefpolicy-3.6.12/man/man8/nfs_selinux.8 2010-01-19 12:51:30.666607854 +0100
@@ -1,9 +1,9 @@
.TH "nfs_selinux" "8" "9 Feb 2009" "dwalsh@redhat.com" "NFS SELinux Policy documentation"
.SH "NAME"
@@ -24,7 +24,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-3.6.12/man/man8/samba_selinux.8
--- nsaserefpolicy/man/man8/samba_selinux.8 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/man/man8/samba_selinux.8 2009-08-19 18:01:06.000000000 +0200
++++ serefpolicy-3.6.12/man/man8/samba_selinux.8 2010-01-19 12:51:30.667607981 +0100
@@ -20,7 +20,7 @@
.TP
This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
@@ -41,8 +41,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man
-selinux(8), samba(7), chcon(1), setsebool(8)
+selinux(8), samba(7), chcon(1), setsebool(8), semanage(8)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.12/policy/mcs
---- nsaserefpolicy/policy/mcs 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/mcs 2009-07-08 21:09:33.000000000 +0200
+--- nsaserefpolicy/policy/mcs 2010-01-19 12:51:11.888608672 +0100
++++ serefpolicy-3.6.12/policy/mcs 2010-01-19 12:51:30.672607570 +0100
@@ -66,7 +66,7 @@
#
# Note that getattr on files is always permitted.
@@ -81,8 +81,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') dnl end enable_mcs
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.12/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-01-19 12:51:11.890618006 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2010-01-19 12:51:30.673607627 +0100
@@ -1,5 +1,5 @@
-policy_module(certwatch, 1.3.0)
@@ -100,8 +100,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(certwatch_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.6.12/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te 2009-11-19 12:04:46.000000000 +0100
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-01-19 12:51:11.892620356 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/dmesg.te 2010-01-19 12:51:30.674607405 +0100
@@ -62,3 +62,6 @@
optional_policy(`
udev_read_db(dmesg_t)
@@ -110,8 +110,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+#mcelog needs
+dev_read_raw_memory(dmesg_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.12/policy/modules/admin/kismet.te
---- nsaserefpolicy/policy/modules/admin/kismet.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2009-07-07 08:55:43.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/kismet.te 2010-01-19 12:51:11.894608528 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2010-01-19 12:51:30.674607405 +0100
@@ -23,6 +23,9 @@
type kismet_var_lib_t;
files_type(kismet_var_lib_t)
@@ -154,8 +154,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ')
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.6.12/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te 2009-07-28 16:09:42.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-01-19 12:51:11.895617594 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/logrotate.te 2010-01-19 12:51:30.675616123 +0100
@@ -32,7 +32,7 @@
# Change ownership on log files.
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
@@ -177,8 +177,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.6.12/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te 2009-08-13 08:59:23.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-01-19 12:51:11.897608001 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/mrtg.te 2010-01-19 12:51:30.676608358 +0100
@@ -136,10 +136,18 @@
')
@@ -199,8 +199,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.12/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2009-11-19 10:07:23.000000000 +0100
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-01-19 12:51:11.898617767 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2010-01-19 12:51:30.677620847 +0100
@@ -38,7 +38,7 @@
# Perform network administration operations and have raw access to the network.
@@ -211,8 +211,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
allow netutils_t self:packet_socket create_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-01-19 12:51:11.901618148 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2010-01-19 12:51:30.678620066 +0100
@@ -68,10 +68,11 @@
files_list_all(prelink_t)
files_getattr_all_files(prelink_t)
@@ -238,8 +238,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_domain(prelink_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2009-08-05 21:59:03.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-01-19 12:51:11.903617984 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2010-01-19 12:51:30.679620054 +0100
@@ -50,11 +50,13 @@
domain_use_interactive_fds(readahead_t)
domain_read_all_domains_state(readahead_t)
@@ -255,8 +255,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(readahead_t)
fs_search_auto_mountpoints(readahead_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2009-09-02 13:11:37.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-01-19 12:51:11.904618041 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2010-01-19 12:51:30.680608168 +0100
@@ -1,5 +1,6 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -265,8 +265,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.12/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2009-09-02 11:03:37.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-01-19 12:51:11.905618238 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2010-01-19 12:51:30.681608994 +0100
@@ -470,6 +470,24 @@
########################################
@@ -325,8 +325,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dontaudit $1 rpm_tmpfs_t:file write_file_perms;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.6.12/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.te 2009-07-28 14:08:18.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-01-19 12:51:11.907608156 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.te 2010-01-19 12:51:30.685607338 +0100
@@ -377,6 +377,10 @@
')
@@ -340,7 +340,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.6.12/policy/modules/admin/shorewall.fc
--- nsaserefpolicy/policy/modules/admin/shorewall.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.fc 2009-10-29 22:48:05.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.fc 2010-01-19 12:51:30.686611725 +0100
@@ -0,0 +1,13 @@
+
+/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
@@ -357,7 +357,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.6.12/policy/modules/admin/shorewall.if
--- nsaserefpolicy/policy/modules/admin/shorewall.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.if 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.if 2010-01-19 12:51:30.687608849 +0100
@@ -0,0 +1,166 @@
+## policy for shorewall
+
@@ -527,7 +527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.6.12/policy/modules/admin/shorewall.te
--- nsaserefpolicy/policy/modules/admin/shorewall.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/admin/shorewall.te 2009-06-25 10:41:25.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/shorewall.te 2010-01-19 12:51:30.689618043 +0100
@@ -0,0 +1,103 @@
+policy_module(shorewall,1.0.0)
+
@@ -633,8 +633,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive shorewall_t;
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.6.12/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/sudo.if 2009-08-05 23:24:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-01-19 12:51:11.908617992 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/sudo.if 2010-01-19 12:51:30.689618043 +0100
@@ -152,6 +152,10 @@
optional_policy(`
dbus_system_bus_client($1_sudo_t)
@@ -648,7 +648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.6.12/policy/modules/admin/tzdata.te
--- nsaserefpolicy/policy/modules/admin/tzdata.te 2009-04-07 21:54:49.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/tzdata.te 2009-09-07 13:31:31.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/tzdata.te 2010-01-19 12:51:30.690617961 +0100
@@ -16,6 +16,8 @@
# tzdata local policy
#
@@ -660,7 +660,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.12/policy/modules/admin/usermanage.if
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-04-07 21:54:49.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.if 2009-09-02 09:29:39.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.if 2010-01-19 12:51:30.691607822 +0100
@@ -274,6 +274,9 @@
usermanage_domtrans_useradd($1)
role $2 types useradd_t;
@@ -672,8 +672,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
nscd_run(useradd_t, $2)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.12/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2009-09-02 09:28:02.000000000 +0200
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-01-19 12:51:11.913617929 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2010-01-19 12:51:30.693618133 +0100
@@ -209,6 +209,7 @@
files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
@@ -693,7 +693,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_home_filetrans_user_home_dir(useradd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.6.12/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2009-04-07 21:54:49.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/admin/vpn.te 2010-01-06 16:12:18.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/admin/vpn.te 2010-01-19 12:51:30.694617981 +0100
@@ -104,6 +104,7 @@
sysnet_etc_filetrans_config(vpnc_t)
sysnet_manage_config(vpnc_t)
@@ -703,8 +703,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_search_user_home_content(vpnc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.12/policy/modules/apps/awstats.te
---- nsaserefpolicy/policy/modules/apps/awstats.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/awstats.te 2009-08-19 18:08:12.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/awstats.te 2010-01-19 12:51:11.915617346 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/awstats.te 2010-01-19 12:51:30.694617981 +0100
@@ -28,6 +28,8 @@
awstats_rw_pipes(awstats_t)
awstats_cgi_exec(awstats_t)
@@ -716,7 +716,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/calamaris.te serefpolicy-3.6.12/policy/modules/apps/calamaris.te
--- nsaserefpolicy/policy/modules/apps/calamaris.te 2009-04-07 21:54:49.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/calamaris.te 2009-08-05 23:27:19.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/calamaris.te 2010-01-19 12:51:30.695618108 +0100
@@ -82,5 +82,9 @@
')
@@ -729,7 +729,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.12/policy/modules/apps/gitosis.fc
--- nsaserefpolicy/policy/modules/apps/gitosis.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2010-01-19 12:51:30.696620471 +0100
@@ -0,0 +1,4 @@
+
+/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
@@ -737,7 +737,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.12/policy/modules/apps/gitosis.if
--- nsaserefpolicy/policy/modules/apps/gitosis.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2009-06-29 22:52:15.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2010-01-19 12:51:30.697608236 +0100
@@ -0,0 +1,96 @@
+## gitosis interface
+
@@ -837,7 +837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.12/policy/modules/apps/gitosis.te
--- nsaserefpolicy/policy/modules/apps/gitosis.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2010-01-19 12:51:30.698608712 +0100
@@ -0,0 +1,43 @@
+policy_module(gitosis,1.0.0)
+
@@ -883,8 +883,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ssh_rw_pipes(gitosis_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.6.12/policy/modules/apps/gnome.te
---- nsaserefpolicy/policy/modules/apps/gnome.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/gnome.te 2009-09-18 14:56:40.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-01-19 12:51:11.922608458 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gnome.te 2010-01-19 12:51:30.699608071 +0100
@@ -114,6 +114,16 @@
userdom_dontaudit_search_admin_dir(gconfdefaultsm_t)
@@ -903,8 +903,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
consolekit_dbus_chat(gconfdefaultsm_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.6.12/policy/modules/apps/gpg.if
---- nsaserefpolicy/policy/modules/apps/gpg.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/gpg.if 2009-08-18 15:05:46.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-01-19 12:51:11.924618072 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gpg.if 2010-01-19 12:51:30.699608071 +0100
@@ -30,7 +30,7 @@
# allow ps to show gpg
@@ -915,8 +915,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# communicate with the user
allow gpg_helper_t $2:fd use;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.6.12/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/gpg.te 2009-08-18 15:06:47.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-01-19 12:51:11.925621412 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gpg.te 2010-01-19 12:51:30.701607837 +0100
@@ -90,6 +90,7 @@
corenet_tcp_connect_all_ports(gpg_t)
corenet_sendrecv_all_client_packets(gpg_t)
@@ -926,8 +926,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_urand(gpg_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.12/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/java.te 2009-09-22 17:00:57.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/java.te 2010-01-19 12:51:11.928618231 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/java.te 2010-01-19 12:51:30.701607837 +0100
@@ -148,6 +148,8 @@
# execheap is needed for itanium/BEA jrocket
allow unconfined_java_t self:process { execstack execmem execheap };
@@ -938,8 +938,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_domain_noaudit(unconfined_java_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.6.12/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if 2009-07-08 21:12:05.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-01-19 12:51:11.934607820 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.if 2010-01-19 12:51:30.702607964 +0100
@@ -45,6 +45,18 @@
relabel_dirs_pattern($2, mozilla_home_t, mozilla_home_t)
relabel_files_pattern($2, mozilla_home_t, mozilla_home_t)
@@ -978,8 +978,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.12/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2009-07-08 21:12:10.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-01-19 12:51:11.935618493 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2010-01-19 12:51:30.704607869 +0100
@@ -59,6 +59,7 @@
manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
@@ -1030,8 +1030,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.12/policy/modules/apps/nsplugin.if
---- nsaserefpolicy/policy/modules/apps/nsplugin.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2009-07-07 08:51:57.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 2010-01-19 12:51:11.939608107 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2010-01-19 12:51:30.705618543 +0100
@@ -89,6 +89,8 @@
role $1 types nsplugin_config_t;
@@ -1043,13 +1043,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.fc serefpolicy-3.6.12/policy/modules/apps/ptchown.fc
--- nsaserefpolicy/policy/modules/apps/ptchown.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.fc 2009-08-14 08:31:59.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.fc 2010-01-19 12:51:30.706618111 +0100
@@ -0,0 +1,2 @@
+
+/usr/libexec/pt_chown -- gen_context(system_u:object_r:ptchown_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.if serefpolicy-3.6.12/policy/modules/apps/ptchown.if
--- nsaserefpolicy/policy/modules/apps/ptchown.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.if 2009-08-14 08:09:22.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.if 2010-01-19 12:51:30.706618111 +0100
@@ -0,0 +1,22 @@
+
+## helper function for grantpt(3), changes ownship and permissions of pseudotty
@@ -1075,7 +1075,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.te serefpolicy-3.6.12/policy/modules/apps/ptchown.te
--- nsaserefpolicy/policy/modules/apps/ptchown.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/apps/ptchown.te 2009-08-20 09:35:25.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/ptchown.te 2010-01-19 12:51:30.710608074 +0100
@@ -0,0 +1,40 @@
+policy_module(ptchown,1.0.0)
+
@@ -1118,15 +1118,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(ptchown_t)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc
---- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-01-19 12:51:11.948618262 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2010-01-19 12:51:30.710608074 +0100
@@ -1,2 +1,3 @@
/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.12/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2010-01-06 14:48:15.000000000 +0100
+--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-01-19 12:51:11.951608237 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2010-01-19 12:51:30.711617700 +0100
@@ -50,6 +50,9 @@
storage_raw_write_removable_device(qemu_t)
storage_raw_read_removable_device(qemu_t)
@@ -1155,8 +1155,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.12/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 2010-01-19 12:51:11.955618035 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2010-01-19 12:51:30.714607885 +0100
@@ -3,73 +3,143 @@
########################################
@@ -1334,8 +1334,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.12/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 2010-01-19 12:51:11.957607813 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2010-01-19 12:51:30.715618069 +0100
@@ -1,18 +1,84 @@
policy_module(sandbox,1.0.0)
+dbus_stub()
@@ -1632,8 +1632,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ hal_dbus_chat(sandbox_net_client_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.12/policy/modules/apps/screen.if
---- nsaserefpolicy/policy/modules/apps/screen.if 2009-06-25 10:19:43.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2009-08-05 23:21:33.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/screen.if 2010-01-19 12:51:11.958618556 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2010-01-19 12:51:30.716619663 +0100
@@ -62,6 +62,7 @@
manage_dirs_pattern($1_screen_t, screen_dir_t, screen_dir_t)
filetrans_pattern($1_screen_t, screen_dir_t, screen_var_run_t, fifo_file)
@@ -1642,9 +1642,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1_screen_t screen_home_t:dir list_dir_perms;
read_files_pattern($1_screen_t, screen_home_t, screen_home_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.6.12/policy/modules/apps/slocate.te
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2009-04-07 21:54:49.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/slocate.te 2010-01-19 13:02:01.591608019 +0100
+@@ -50,6 +50,7 @@
+ fs_getattr_all_symlinks(locate_t)
+ fs_list_all(locate_t)
+ fs_list_inotifyfs(locate_t)
++fs_read_noxattr_fs_symlinks(locate_t)
+
+ # getpwnam
+ auth_use_nsswitch(locate_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.6.12/policy/modules/apps/vmware.fc
--- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-04-07 21:54:49.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2010-01-19 12:51:30.717611828 +0100
@@ -63,6 +63,7 @@
')
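Review bot: The added `fs_read_noxattr_fs_symlinks(locate_t)` in the new slocate.te section has no comment saying why locate_t needs it, although the `# getpwnam` line just below it shows the file does annotate its grants. The visible neighbouring rules give locate_t only getattr and list access (`fs_getattr_all_symlinks`, `fs_list_all`), so this widens it to reading symlink targets on filesystems without xattr labelling. Presumably the trigger was an AVC denial; please confirm that read access is actually required and that a dontaudit rule would not be enough. I would put a line above the call such as `# read symlinks on filesystems without xattr labels (see <bug or AVC reference>)`. This is also the only functional change visible on the page, and the other hunks only rewrite header timestamps (for example `2009-06-25 10:19:43` becoming `2010-01-19 12:51:11`), so regenerating the patch without touching them would make this rule change much easier to audit.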
@@ -1654,8 +1665,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.12/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-01-19 12:51:11.961607624 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2010-01-19 12:51:30.718618032 +0100
@@ -136,7 +136,7 @@
miscfiles_read_localization(vmware_host_t)
@@ -1677,8 +1688,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`TODO',`
# VMWare need access to pcmcia devices for network
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-08-13 17:13:38.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-01-19 12:51:11.965616444 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2010-01-19 12:51:30.719617600 +0100
@@ -7,6 +7,7 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -1726,8 +1737,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2009-08-13 08:57:43.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-01-19 12:51:11.969607384 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2010-01-19 12:51:30.720620172 +0100
@@ -107,6 +107,7 @@
network_port(giftd, tcp,1213,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
@@ -1755,8 +1766,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.12/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-09-29 18:31:58.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-01-19 12:51:11.970607302 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2010-01-19 12:51:30.721620159 +0100
@@ -46,8 +46,10 @@
/dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
/dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
@@ -1777,8 +1788,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.12/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2009-07-03 11:25:38.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-01-19 12:51:11.972607417 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2010-01-19 12:51:30.724607969 +0100
@@ -1727,6 +1727,133 @@
########################################
@@ -1936,8 +1947,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ setattr_chr_files_pattern($1, devtty_t, devtty_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.12/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-01-19 12:51:11.973618649 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2010-01-19 12:51:30.726608294 +0100
@@ -78,6 +78,13 @@
dev_node(ipmi_device_t)
@@ -1966,8 +1977,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
type lvm_control_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-07-07 08:21:23.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-01-19 12:51:11.977607704 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2010-01-19 12:51:30.727618199 +0100
@@ -44,34 +44,6 @@
interface(`domain_type',`
# start with basic domain
@@ -2025,8 +2036,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 unconfined_domain_type:process signal;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-09-02 11:03:42.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-01-19 12:51:11.978607342 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2010-01-19 12:51:30.729607628 +0100
@@ -91,6 +91,9 @@
kernel_read_proc_symlinks(domain)
kernel_read_crypto_sysctls(domain)
@@ -2102,8 +2113,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-09-14 14:40:51.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/files.if 2010-01-19 12:51:11.981607235 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2010-01-19 12:51:30.732608079 +0100
@@ -1953,6 +1953,8 @@
allow $1 etc_t:dir list_dir_perms;
read_files_pattern($1, etc_t, etc_t)
@@ -2130,8 +2141,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1 file_type:fifo_file { getattr read write append ioctl lock };
allow $1 file_type:sock_file { getattr read write append ioctl lock };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-01-19 12:51:11.988607357 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2010-01-19 12:51:30.734618112 +0100
@@ -817,7 +817,7 @@
type proc_t;
')
@@ -2142,8 +2153,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.6.12/policy/modules/kernel/storage.fc
---- nsaserefpolicy/policy/modules/kernel/storage.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc 2009-08-24 16:29:47.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-01-19 12:51:11.992607517 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/storage.fc 2010-01-19 12:51:30.736617947 +0100
@@ -28,6 +28,7 @@
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
@@ -2154,7 +2165,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.6.12/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2009-04-07 21:54:48.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/storage.if 2009-08-24 16:26:39.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/storage.if 2010-01-19 12:51:30.737617934 +0100
@@ -529,7 +529,7 @@
')
@@ -2165,8 +2176,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.12/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-01-19 12:51:11.993607155 +0100
++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2010-01-19 12:51:30.738608424 +0100
@@ -571,6 +571,25 @@
dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
')
@@ -2194,8 +2205,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
## Read and write the controlling
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te
---- nsaserefpolicy/policy/modules/roles/staff.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-08-05 21:52:27.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/staff.te 2010-01-19 12:51:11.995607270 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2010-01-19 12:51:30.739608132 +0100
@@ -44,6 +44,10 @@
')
@@ -2230,8 +2241,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.12/policy/modules/roles/sysadm.if
---- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/sysadm.if 2010-01-19 12:51:11.995607270 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2010-01-19 12:51:30.740619783 +0100
@@ -116,6 +116,41 @@
########################################
@@ -2275,8 +2286,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## a specified domain. This is an explicit transition,
## requiring the caller to use setexeccon().
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.12/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-01-19 12:51:11.996607118 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2010-01-19 12:51:30.741620189 +0100
@@ -334,6 +334,10 @@
')
@@ -2289,8 +2300,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2009-09-02 10:35:47.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2010-01-19 12:51:11.999607220 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2010-01-19 12:51:30.742620386 +0100
@@ -52,6 +52,8 @@
init_system_domain(unconfined_execmem_t, execmem_exec_t)
role unconfined_r types unconfined_execmem_t;
@@ -2337,8 +2348,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
init_dbus_chat_script(unconfined_execmem_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.12/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-01-19 12:51:12.000607347 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2010-01-19 12:51:30.743620374 +0100
@@ -22,5 +22,9 @@
')
@@ -2350,8 +2361,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
setroubleshoot_dontaudit_stream_connect(user_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.12/policy/modules/roles/xguest.te
---- nsaserefpolicy/policy/modules/roles/xguest.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/roles/xguest.te 2009-07-08 21:12:15.000000000 +0200
+--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-01-19 12:51:12.001607265 +0100
++++ serefpolicy-3.6.12/policy/modules/roles/xguest.te 2010-01-19 12:51:30.744608209 +0100
@@ -36,11 +36,17 @@
# Local policy
#
@@ -2371,8 +2382,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_search_mnt(xguest_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.fc serefpolicy-3.6.12/policy/modules/services/afs.fc
---- nsaserefpolicy/policy/modules/services/afs.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/afs.fc 2009-08-24 16:34:56.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/afs.fc 2010-01-19 12:51:12.001607265 +0100
++++ serefpolicy-3.6.12/policy/modules/services/afs.fc 2010-01-19 12:51:30.745617974 +0100
@@ -26,7 +26,7 @@
/vicepb gen_context(system_u:object_r:afs_files_t,s0)
/vicepc gen_context(system_u:object_r:afs_files_t,s0)
@@ -2383,8 +2394,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/cache/afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.6.12/policy/modules/services/afs.te
---- nsaserefpolicy/policy/modules/services/afs.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/afs.te 2009-08-24 16:32:10.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/afs.te 2010-01-19 12:51:12.003607450 +0100
++++ serefpolicy-3.6.12/policy/modules/services/afs.te 2010-01-19 12:51:30.746617892 +0100
@@ -331,6 +331,7 @@
files_mounton_mnt(afs_t)
files_read_etc_files(afs_t)
@@ -2394,8 +2405,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_xattr_fs(afs_t)
fs_mount_nfs(afs_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.12/policy/modules/services/apache.fc
---- nsaserefpolicy/policy/modules/services/apache.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-09-14 14:48:14.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/apache.fc 2010-01-19 12:51:12.003607450 +0100
++++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2010-01-19 12:51:30.747607892 +0100
@@ -40,6 +40,7 @@
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/wordpress-mu/wp-config\.php -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
@@ -2413,8 +2424,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.6.12/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/apache.if 2010-01-06 15:18:20.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/apache.if 2010-01-19 12:51:12.006607482 +0100
++++ serefpolicy-3.6.12/policy/modules/services/apache.if 2010-01-19 12:51:30.748608369 +0100
@@ -16,6 +16,7 @@
attribute httpd_exec_scripts;
attribute httpd_script_exec_type;
@@ -2433,8 +2444,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`httpd_enable_cgi',`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.6.12/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/apache.te 2010-01-06 14:38:36.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/apache.te 2010-01-19 12:51:12.008607667 +0100
++++ serefpolicy-3.6.12/policy/modules/services/apache.te 2010-01-19 12:51:30.750618122 +0100
@@ -110,6 +110,13 @@
##
@@ -2473,8 +2484,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.6.12/policy/modules/services/apm.te
---- nsaserefpolicy/policy/modules/services/apm.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/apm.te 2009-11-20 13:05:50.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/apm.te 2010-01-19 12:51:12.009617223 +0100
++++ serefpolicy-3.6.12/policy/modules/services/apm.te 2010-01-19 12:51:30.751620344 +0100
@@ -220,6 +220,10 @@
')
@@ -2488,7 +2499,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.12/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/automount.if 2009-07-20 14:44:39.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/automount.if 2010-01-19 12:51:30.752619633 +0100
@@ -21,6 +21,24 @@
########################################
@@ -2515,8 +2526,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.6.12/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/avahi.te 2009-06-29 13:28:59.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/avahi.te 2010-01-19 12:51:12.011613147 +0100
++++ serefpolicy-3.6.12/policy/modules/services/avahi.te 2010-01-19 12:51:30.753620389 +0100
@@ -24,7 +24,7 @@
# Local policy
#
@@ -2527,8 +2538,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow avahi_t self:process { setrlimit signal_perms getcap setcap };
allow avahi_t self:fifo_file rw_fifo_file_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.12/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-01-19 12:51:12.015607859 +0100
++++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2010-01-19 12:51:30.754620516 +0100
@@ -64,6 +64,7 @@
allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow bluetooth_t self:tcp_socket create_stream_socket_perms;
@@ -2538,8 +2549,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.12/policy/modules/services/clamav.te
---- nsaserefpolicy/policy/modules/services/clamav.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/clamav.te 2009-12-09 15:28:27.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.te 2010-01-19 12:51:12.019607530 +0100
++++ serefpolicy-3.6.12/policy/modules/services/clamav.te 2010-01-19 12:51:30.755607793 +0100
@@ -106,6 +106,8 @@
corenet_tcp_bind_generic_port(clamd_t)
corenet_tcp_connect_generic_port(clamd_t)
@@ -2569,13 +2580,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysnet_dns_name_resolve(freshclam_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.6.12/policy/modules/services/cobbler.fc
--- nsaserefpolicy/policy/modules/services/cobbler.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/cobbler.fc 2009-09-30 09:41:34.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cobbler.fc 2010-01-19 12:51:30.757607908 +0100
@@ -0,0 +1,2 @@
+
+/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.6.12/policy/modules/services/cobbler.if
--- nsaserefpolicy/policy/modules/services/cobbler.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/cobbler.if 2009-09-30 10:26:41.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cobbler.if 2010-01-19 12:51:30.757607908 +0100
@@ -0,0 +1,21 @@
+## cobbler server policy
+
@@ -2600,7 +2611,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.6.12/policy/modules/services/cobbler.te
--- nsaserefpolicy/policy/modules/services/cobbler.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/cobbler.te 2009-09-30 09:41:20.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cobbler.te 2010-01-19 12:51:30.758617743 +0100
@@ -0,0 +1,10 @@
+
+policy_module(cobbler,1.0.0)
@@ -2613,8 +2624,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+type cobbler_var_lib_t;
+files_type(cobbler_var_lib_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.12/policy/modules/services/consolekit.te
---- nsaserefpolicy/policy/modules/services/consolekit.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2009-10-29 22:41:51.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-01-19 12:51:12.021607086 +0100
++++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2010-01-19 12:51:30.759608232 +0100
@@ -14,7 +14,7 @@
files_pid_file(consolekit_var_run_t)
@@ -2640,8 +2651,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
init_telinit(consolekit_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.12/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/cron.if 2009-07-13 10:01:22.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/cron.if 2010-01-19 12:51:12.025607455 +0100
++++ serefpolicy-3.6.12/policy/modules/services/cron.if 2010-01-19 12:51:30.760608918 +0100
@@ -163,27 +163,14 @@
#
interface(`cron_unconfined_role',`
@@ -2682,8 +2693,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
role system_r types $1;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.12/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/cron.te 2009-07-30 17:13:52.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/cron.te 2010-01-19 12:51:12.026607652 +0100
++++ serefpolicy-3.6.12/policy/modules/services/cron.te 2010-01-19 12:51:30.762608613 +0100
@@ -440,7 +440,7 @@
init_dontaudit_rw_utmp(system_cronjob_t)
# prelink tells init to restart it self, we either need to allow or dontaudit
@@ -2694,8 +2705,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(system_cronjob_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.12/policy/modules/services/cups.fc
---- nsaserefpolicy/policy/modules/services/cups.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2009-08-11 09:45:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/cups.fc 2010-01-19 12:51:12.027615811 +0100
++++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2010-01-19 12:51:30.763608392 +0100
@@ -53,6 +53,8 @@
/var/lib/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -2706,8 +2717,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/turboprint.* gen_context(system_u:object_r:cupsd_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.12/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/cups.te 2009-11-05 17:54:34.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/cups.te 2010-01-19 12:51:12.032607717 +0100
++++ serefpolicy-3.6.12/policy/modules/services/cups.te 2010-01-19 12:51:30.764608868 +0100
@@ -59,12 +59,13 @@
init_daemon_domain(hplip_t, hplip_exec_t)
# For CUPS to run as a backend
@@ -2803,7 +2814,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.6.12/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/cyrus.te 2009-09-16 13:08:45.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cyrus.te 2010-01-19 12:51:30.766608843 +0100
@@ -136,6 +136,7 @@
optional_policy(`
@@ -2813,8 +2824,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.12/policy/modules/services/dbus.if
---- nsaserefpolicy/policy/modules/services/dbus.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/dbus.if 2009-10-02 09:02:08.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/dbus.if 2010-01-19 12:51:12.035612708 +0100
++++ serefpolicy-3.6.12/policy/modules/services/dbus.if 2010-01-19 12:51:30.767618818 +0100
@@ -176,6 +176,10 @@
xserver_use_xdm_fds($1_dbusd_t)
xserver_rw_xdm_pipes($1_dbusd_t)
@@ -2855,8 +2866,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
---- nsaserefpolicy/policy/modules/services/dcc.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/dcc.te 2010-01-19 12:51:12.038608550 +0100
++++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2010-01-19 12:51:30.769617885 +0100
@@ -130,11 +130,13 @@
# Access files in /var/dcc. The map file can be updated
@@ -2885,7 +2896,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.12/policy/modules/services/ddclient.if
--- nsaserefpolicy/policy/modules/services/ddclient.if 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2010-01-19 12:51:30.769617885 +0100
@@ -21,6 +21,31 @@
########################################
@@ -2919,8 +2930,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## an ddclient environment
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
---- nsaserefpolicy/policy/modules/services/devicekit.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-01-19 12:51:12.041608722 +0100
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2010-01-19 12:51:30.770607466 +0100
@@ -55,7 +55,7 @@
#
# DeviceKit-Power local policy
@@ -2963,8 +2974,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
polkit_read_lib(devicekit_disk_t)
polkit_read_reload(devicekit_disk_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.12/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2009-09-30 09:43:10.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-01-19 12:51:12.044620349 +0100
++++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2010-01-19 12:51:30.770607466 +0100
@@ -83,10 +83,18 @@
userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
@@ -2985,8 +2996,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.6.12/policy/modules/services/dovecot.if
---- nsaserefpolicy/policy/modules/services/dovecot.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/dovecot.if 2009-07-31 13:05:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-01-19 12:51:12.046617810 +0100
++++ serefpolicy-3.6.12/policy/modules/services/dovecot.if 2010-01-19 12:51:30.771607314 +0100
@@ -2,47 +2,44 @@
########################################
@@ -3070,8 +3081,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.12/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/dovecot.te 2009-09-30 15:36:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-01-19 12:51:12.047607530 +0100
++++ serefpolicy-3.6.12/policy/modules/services/dovecot.te 2010-01-19 13:12:34.951856866 +0100
@@ -1,5 +1,5 @@
-policy_module(dovecot, 1.10.2)
@@ -3149,9 +3160,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(dovecot_deliver_t)
userdom_manage_user_home_content_dirs(dovecot_deliver_t)
+@@ -268,3 +268,20 @@
+ mta_manage_spool(dovecot_deliver_t)
+ ')
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(dovecot_deliver_t)
++ fs_manage_nfs_dirs(dovecot_t)
++ fs_manage_nfs_files(dovecot_deliver_t)
++ fs_manage_nfs_symlinks(dovecot_deliver_t)
++ fs_manage_nfs_files(dovecot_t)
++ fs_manage_nfs_symlinks(dovecot_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(dovecot_deliver_t)
++ fs_manage_cifs_dirs(dovecot_t)
++ fs_manage_cifs_files(dovecot_deliver_t)
++ fs_manage_cifs_symlinks(dovecot_deliver_t)
++ fs_manage_cifs_files(dovecot_t)
++ fs_manage_cifs_symlinks(dovecot_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.6.12/policy/modules/services/exim.te
---- nsaserefpolicy/policy/modules/services/exim.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/exim.te 2009-09-14 14:36:18.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/exim.te 2010-01-19 12:51:12.049617981 +0100
++++ serefpolicy-3.6.12/policy/modules/services/exim.te 2010-01-19 12:51:30.772607302 +0100
@@ -111,6 +111,7 @@
files_search_var(exim_t)
files_read_etc_files(exim_t)
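Review bot: The two `tunable_policy` blocks added to dovecot.te give both `dovecot_t` and `dovecot_deliver_t` full manage rights on NFS and CIFS directories, files and symlinks, and nothing in the hunk records how far that grant reaches. NFS and CIFS mounts normally carry one type for the whole mount (`nfs_t` / `cifs_t`), so with `use_nfs_home_dirs` or `use_samba_home_dirs` enabled the access likely covers every such share on the host, not only mail directories. A comment above each block, for example `# Mail stored in NFS home directories; applies to all nfs_t content`, would make that scope explicit. It is also worth confirming that both domains really need to create symlinks there, since `fs_manage_nfs_symlinks` and `fs_manage_cifs_symlinks` are the broadest of the three grants. Grouping the calls per domain instead of interleaving them would make the blocks easier to audit.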
@@ -3173,9 +3205,37 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.6.12/policy/modules/services/fail2ban.if
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-01-19 12:51:12.050618388 +0100
++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.if 2010-01-19 13:00:27.397857214 +0100
+@@ -98,6 +98,24 @@
+ allow $1 fail2ban_var_run_t:file read_file_perms;
+ ')
+
++######################################
++##
++## Read and write to an fail2ban unix stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`fail2ban_rw_stream_sockets',`
++ gen_require(`
++ type fail2ban_t;
++ ')
++
++ allow $1 fail2ban_t:unix_stream_socket { getattr read write ioctl };
++')
++
+ ########################################
+ ##
+ ## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.6.12/policy/modules/services/fail2ban.te
---- nsaserefpolicy/policy/modules/services/fail2ban.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te 2009-10-16 13:32:38.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-01-19 12:51:12.051619633 +0100
++++ serefpolicy-3.6.12/policy/modules/services/fail2ban.te 2010-01-19 12:51:30.773607499 +0100
@@ -79,6 +79,7 @@
auth_use_nsswitch(fail2ban_t)
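Review bot: The summary of the new `fail2ban_rw_stream_sockets` interface has a typo ("an fail2ban") and should read `## Read and write to a fail2ban unix stream socket.`. The rule grants `{ getattr read write ioctl }` on `fail2ban_t:unix_stream_socket` without `connectto`, so it appears to apply only to a descriptor the caller already holds; saying "inherited" in the summary would document that. The callers are not visible in this hunk. If they only receive the socket as a leaked descriptor and never use it, a `dontaudit` rule would be tighter than an `allow`.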
@@ -3185,8 +3245,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(fail2ban_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.12/policy/modules/services/fetchmail.te
---- nsaserefpolicy/policy/modules/services/fetchmail.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te 2009-06-29 16:22:53.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-19 12:51:12.052617805 +0100
++++ serefpolicy-3.6.12/policy/modules/services/fetchmail.te 2010-01-19 12:51:30.774607207 +0100
@@ -60,6 +60,8 @@
corenet_tcp_connect_all_ports(fetchmail_t)
corenet_sendrecv_all_client_packets(fetchmail_t)
@@ -3197,8 +3257,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_read_rand(fetchmail_t)
dev_read_urand(fetchmail_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te
---- nsaserefpolicy/policy/modules/services/fprintd.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-08-13 18:07:07.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-01-19 12:51:12.055618954 +0100
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2010-01-19 12:51:30.774607207 +0100
@@ -22,12 +22,17 @@
corecmd_search_bin(fprintd_t)
@@ -3231,8 +3291,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
permissive fprintd_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.12/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-08-24 09:30:32.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/ftp.te 2010-01-19 12:51:12.056617964 +0100
++++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2010-01-19 12:51:30.775607334 +0100
@@ -85,12 +85,23 @@
type xferlog_t;
logging_log_file(xferlog_t)
@@ -3276,8 +3336,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls(ftpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te
---- nsaserefpolicy/policy/modules/services/gnomeclock.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/gnomeclock.te 2010-01-19 12:51:12.059617857 +0100
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2010-01-19 12:51:30.776607601 +0100
@@ -44,6 +44,7 @@
')
@@ -3287,8 +3347,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
polkit_read_lib(gnomeclock_t)
polkit_read_reload(gnomeclock_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.12/policy/modules/services/gpsd.fc
---- nsaserefpolicy/policy/modules/services/gpsd.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2009-06-25 10:25:21.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/gpsd.fc 2010-01-19 12:51:12.062607902 +0100
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2010-01-19 12:51:30.776607601 +0100
@@ -1,3 +1,6 @@
+/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
@@ -3297,9 +3357,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
+/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.12/policy/modules/services/gpsd.te
---- nsaserefpolicy/policy/modules/services/gpsd.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2009-08-20 14:46:39.000000000 +0200
-@@ -8,17 +9,23 @@
+--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-01-19 12:51:12.064607808 +0100
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2010-01-19 12:51:30.777607728 +0100
+@@ -8,17 +8,23 @@
type gpsd_t;
type gpsd_exec_t;
application_domain(gpsd_t, gpsd_exec_t)
@@ -3325,7 +3385,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow gpsd_t self:process setsched;
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
-@@ -28,6 +35,15 @@
+@@ -28,6 +34,15 @@
manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
@@ -3342,8 +3402,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_gpsd_port(gpsd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-09-02 10:30:14.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/hal.te 2010-01-19 12:51:12.067618106 +0100
++++ serefpolicy-3.6.12/policy/modules/services/hal.te 2010-01-19 12:51:30.778607087 +0100
@@ -103,6 +103,7 @@
kernel_rw_irq_sysctls(hald_t)
kernel_rw_vm_sysctls(hald_t)
@@ -3422,7 +3482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
permissive hald_dccm_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.fc serefpolicy-3.6.12/policy/modules/services/hddtemp.fc
--- nsaserefpolicy/policy/modules/services/hddtemp.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.fc 2009-08-13 08:56:27.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.fc 2010-01-19 12:51:30.779607564 +0100
@@ -0,0 +1,4 @@
+
+/etc/rc\.d/init\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
@@ -3430,7 +3490,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/sbin/hddtemp -- gen_context(system_u:object_r:hddtemp_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.if serefpolicy-3.6.12/policy/modules/services/hddtemp.if
--- nsaserefpolicy/policy/modules/services/hddtemp.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.if 2009-08-13 08:56:27.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.if 2010-01-19 12:51:30.779607564 +0100
@@ -0,0 +1,38 @@
+## hddtemp hard disk temperature tool running as a daemon
+
@@ -3472,7 +3532,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.te serefpolicy-3.6.12/policy/modules/services/hddtemp.te
--- nsaserefpolicy/policy/modules/services/hddtemp.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/hddtemp.te 2009-08-13 08:56:27.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/hddtemp.te 2010-01-19 12:51:30.780607411 +0100
@@ -0,0 +1,40 @@
+policy_module(hddtemp,1.0.0)
+
@@ -3515,8 +3575,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+permissive hddtemp_t;
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.12/policy/modules/services/kerberos.if
---- nsaserefpolicy/policy/modules/services/kerberos.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-01-19 12:51:12.073618102 +0100
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2010-01-19 12:51:30.781607539 +0100
@@ -70,6 +70,7 @@
interface(`kerberos_use',`
gen_require(`
@@ -3534,8 +3594,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-07-07 08:19:18.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-01-19 12:51:12.077608134 +0100
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2010-01-19 12:51:30.781607539 +0100
@@ -277,6 +277,8 @@
#
@@ -3574,8 +3634,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kerberos_use(kpropd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-10-16 13:42:13.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/lircd.te 2010-01-19 12:51:12.082608701 +0100
++++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2010-01-19 12:51:30.782616396 +0100
@@ -45,6 +45,13 @@
dev_filetrans(lircd_t, lircd_sock_t, sock_file )
dev_read_generic_usb_dev(lircd_t)
@@ -3591,8 +3651,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(lircd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.12/policy/modules/services/mailman.if
---- nsaserefpolicy/policy/modules/services/mailman.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/mailman.if 2010-01-19 12:51:12.085617812 +0100
++++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2010-01-19 12:51:30.783607654 +0100
@@ -197,6 +197,7 @@
type mailman_data_t;
')
@@ -3602,8 +3662,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.12/policy/modules/services/milter.if
---- nsaserefpolicy/policy/modules/services/milter.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/milter.if 2009-10-16 13:35:27.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/milter.if 2010-01-19 12:51:12.088613515 +0100
++++ serefpolicy-3.6.12/policy/modules/services/milter.if 2010-01-19 12:51:30.783607654 +0100
@@ -35,6 +35,8 @@
# Create other data files and directories in the data directory
manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
@@ -3614,8 +3674,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg($1_milter_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.12/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/mta.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/mta.if 2010-01-19 12:51:12.091619973 +0100
++++ serefpolicy-3.6.12/policy/modules/services/mta.if 2010-01-19 12:51:30.789617776 +0100
@@ -473,6 +473,7 @@
')
@@ -3625,8 +3685,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.12/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2009-11-19 10:03:36.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/mysql.te 2010-01-19 12:51:12.099608000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2010-01-19 12:51:30.790607217 +0100
@@ -136,15 +136,20 @@
allow mysqld_safe_t self:capability { dac_override fowner chown };
allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
@@ -3650,8 +3710,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_list_sysfs(mysqld_safe_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.12/policy/modules/services/networkmanager.fc
---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc 2010-01-06 11:15:05.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-01-19 12:51:12.103608090 +0100
++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc 2010-01-19 12:51:30.825608731 +0100
@@ -12,7 +12,9 @@
/usr/sbin/nm-system-settings -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
@@ -3663,8 +3723,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/wicd(/.*)? gen_context(system_u:object_r:NetworkManager_log_t,s0)
/var/log/wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.12/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te 2010-01-06 16:11:15.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-01-19 12:51:12.105617983 +0100
++++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te 2010-01-19 12:51:30.826608510 +0100
@@ -57,7 +57,9 @@
manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, sock_file)
@@ -3684,8 +3744,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dgram_send(NetworkManager_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.12/policy/modules/services/nis.te
---- nsaserefpolicy/policy/modules/services/nis.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/nis.te 2009-06-26 15:48:39.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/nis.te 2010-01-19 12:51:12.109608226 +0100
++++ serefpolicy-3.6.12/policy/modules/services/nis.te 2010-01-19 12:51:30.827608147 +0100
@@ -72,8 +72,7 @@
manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
@@ -3698,7 +3758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_netlabel(ypbind_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.fc serefpolicy-3.6.12/policy/modules/services/nslcd.fc
--- nsaserefpolicy/policy/modules/services/nslcd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2010-01-19 12:51:30.828620497 +0100
@@ -0,0 +1,4 @@
+/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0)
+/etc/nss-ldapd.conf -- gen_context(system_u:object_r:nslcd_conf_t,s0)
@@ -3706,7 +3766,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.6.12/policy/modules/services/nslcd.if
--- nsaserefpolicy/policy/modules/services/nslcd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2009-10-29 22:58:40.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2010-01-19 12:51:30.829619368 +0100
@@ -0,0 +1,144 @@
+
+## policy for nslcd
@@ -3854,7 +3914,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.6.12/policy/modules/services/nslcd.te
--- nsaserefpolicy/policy/modules/services/nslcd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2010-01-19 12:51:30.830620263 +0100
@@ -0,0 +1,50 @@
+policy_module(nslcd,1.0.0)
+
@@ -3908,7 +3968,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+logging_send_syslog_msg(nslcd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.6.12/policy/modules/services/nx.fc
--- nsaserefpolicy/policy/modules/services/nx.fc 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/nx.fc 2009-08-20 15:35:42.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/nx.fc 2010-01-19 12:51:30.831620041 +0100
@@ -5,3 +5,6 @@
/opt/NX/var(/.*)? gen_context(system_u:object_r:nx_server_var_run_t,s0)
@@ -3918,7 +3978,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.6.12/policy/modules/services/nx.if
--- nsaserefpolicy/policy/modules/services/nx.if 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/nx.if 2009-09-14 14:45:30.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/nx.if 2010-01-19 12:51:30.832607946 +0100
@@ -17,3 +17,23 @@
spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -3945,7 +4005,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.12/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/openvpn.te 2009-08-20 09:42:28.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/openvpn.te 2010-01-19 12:51:30.833608563 +0100
@@ -86,6 +86,7 @@
corenet_udp_bind_openvpn_port(openvpn_t)
corenet_tcp_connect_openvpn_port(openvpn_t)
@@ -3989,7 +4049,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.6.12/policy/modules/services/pcscd.if
--- nsaserefpolicy/policy/modules/services/pcscd.if 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/pcscd.if 2009-10-02 08:35:36.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/pcscd.if 2010-01-19 12:51:30.834620423 +0100
@@ -53,6 +53,5 @@
')
@@ -4000,7 +4060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.12/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2009-06-25 10:21:01.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2010-01-19 12:51:30.835608677 +0100
@@ -28,6 +28,7 @@
allow pcscd_t self:tcp_socket create_stream_socket_perms;
@@ -4019,8 +4079,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_dontaudit_getattr_pty_dirs(pcscd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.12/policy/modules/services/polkit.fc
---- nsaserefpolicy/policy/modules/services/polkit.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/polkit.fc 2010-01-19 12:51:12.124607968 +0100
++++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2010-01-19 12:51:30.836608455 +0100
@@ -2,7 +2,7 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:polkit_grant_exec_t,s0)
@@ -4031,8 +4091,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.12/policy/modules/services/polkit.if
---- nsaserefpolicy/policy/modules/services/polkit.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/polkit.if 2010-01-19 12:51:12.125608166 +0100
++++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2010-01-19 12:51:30.837608932 +0100
@@ -194,6 +194,7 @@
polkit_domtrans_auth($1)
@@ -4050,8 +4110,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.12/policy/modules/services/polkit.te
---- nsaserefpolicy/policy/modules/services/polkit.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.te 2009-08-07 12:21:31.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/polkit.te 2010-01-19 12:51:12.126608153 +0100
++++ serefpolicy-3.6.12/policy/modules/services/polkit.te 2010-01-19 12:51:30.838620722 +0100
@@ -72,6 +72,7 @@
manage_files_pattern(polkit_t, polkit_var_run_t, polkit_var_run_t)
files_pid_filetrans(polkit_t, polkit_var_run_t, { file dir })
@@ -4070,8 +4130,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_usr_files(polkit_auth_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.12/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2009-07-31 13:05:32.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/postfix.if 2010-01-19 12:51:12.130607545 +0100
++++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2010-01-19 12:51:30.840610640 +0100
@@ -112,6 +112,13 @@
template(`postfix_server_domain_template',`
postfix_domain_template($1)
@@ -4113,8 +4173,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## postfix_postdrop domain.
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.12/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.te 2010-01-05 18:40:19.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.te 2010-01-19 12:51:12.131607463 +0100
++++ serefpolicy-3.6.12/policy/modules/services/postfix.te 2010-01-19 12:51:30.842608869 +0100
@@ -42,9 +42,6 @@
mta_manage_spool(postfix_local_t)
')
@@ -4199,8 +4259,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.12/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.te 2009-07-08 21:12:21.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-01-19 12:51:12.134610988 +0100
++++ serefpolicy-3.6.12/policy/modules/services/postgresql.te 2010-01-19 12:51:30.844608844 +0100
@@ -202,6 +202,7 @@
corenet_tcp_bind_generic_node(postgresql_t)
corenet_tcp_bind_postgresql_port(postgresql_t)
@@ -4218,8 +4278,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(postgresql_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.12/policy/modules/services/ppp.if
---- nsaserefpolicy/policy/modules/services/ppp.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/ppp.if 2010-01-19 12:51:12.136617039 +0100
++++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2010-01-19 12:51:30.845608553 +0100
@@ -177,10 +177,16 @@
interface(`ppp_run',`
gen_require(`
@@ -4238,8 +4298,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.12/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.te 2009-08-24 15:30:24.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/ppp.te 2010-01-19 12:51:12.137607528 +0100
++++ serefpolicy-3.6.12/policy/modules/services/ppp.te 2010-01-19 12:51:30.846608819 +0100
@@ -218,7 +218,7 @@
# PPTP Local policy
#
@@ -4250,8 +4310,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow pptp_t self:process signal;
allow pptp_t self:fifo_file rw_fifo_file_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.12/policy/modules/services/privoxy.te
---- nsaserefpolicy/policy/modules/services/privoxy.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/privoxy.te 2010-01-19 12:51:12.140607351 +0100
++++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2010-01-19 12:51:30.847608668 +0100
@@ -48,8 +48,7 @@
files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
@@ -4263,8 +4323,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(privoxy_t)
corenet_all_recvfrom_netlabel(privoxy_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc
---- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-01-19 12:51:12.143616532 +0100
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2010-01-19 12:51:30.848608445 +0100
@@ -3,6 +3,8 @@
HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
@@ -4275,8 +4335,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-01-19 12:51:12.144615892 +0100
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2010-01-19 12:51:30.849608852 +0100
@@ -97,6 +97,8 @@
kernel_read_kernel_sysctls(pyzor_t)
kernel_read_system_state(pyzor_t)
@@ -4288,7 +4348,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.12/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/radvd.te 2009-09-29 18:03:17.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/radvd.te 2010-01-19 12:51:30.850608490 +0100
@@ -23,7 +23,7 @@
# Local policy
#
@@ -4300,7 +4360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow radvd_t self:unix_stream_socket create_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.12/policy/modules/services/rpcbind.if
--- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-04-07 21:54:47.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/rpcbind.if 2009-09-14 15:08:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/rpcbind.if 2010-01-19 12:51:30.851608618 +0100
@@ -95,6 +95,26 @@
files_search_var_lib($1)
')
@@ -4329,8 +4389,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-09-14 14:31:36.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/rpc.te 2010-01-19 12:51:12.151616852 +0100
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2010-01-19 12:51:30.852608395 +0100
@@ -95,6 +95,10 @@
userdom_signal_unpriv_users(rpcd_t)
@@ -4382,8 +4442,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.12/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/rsync.te 2010-01-19 12:51:12.152611462 +0100
++++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2010-01-19 12:51:30.853620256 +0100
@@ -126,6 +126,8 @@
tunable_policy(`rsync_export_all_ro',`
@@ -4394,8 +4454,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_read_all_files_except_shadow(rsync_t)
auth_read_all_symlinks_except_shadow(rsync_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.12/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/samba.te 2010-01-06 13:53:59.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/samba.te 2010-01-19 12:51:12.156607571 +0100
++++ serefpolicy-3.6.12/policy/modules/services/samba.te 2010-01-19 12:51:30.855608708 +0100
@@ -280,6 +280,9 @@
files_pid_filetrans(smbd_t, smbd_var_run_t, file)
@@ -4442,8 +4502,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_use_user_terminals(smbcontrol_t)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.12/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sasl.te 2009-09-29 18:20:22.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/sasl.te 2010-01-19 12:51:12.157607418 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sasl.te 2010-01-19 12:51:30.856608276 +0100
@@ -31,7 +31,7 @@
# Local policy
#
@@ -4465,8 +4525,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kerberos_manage_host_rcache(saslauthd_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.12/policy/modules/services/sendmail.if
---- nsaserefpolicy/policy/modules/services/sendmail.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.if 2009-07-31 13:22:05.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-01-19 12:51:12.157607418 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sendmail.if 2010-01-19 12:51:30.857608613 +0100
@@ -92,6 +92,24 @@
allow $1 sendmail_t:unix_stream_socket { getattr read write ioctl };
')
@@ -4518,9 +4578,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.12/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2009-07-24 15:40:05.000000000 +0200
-@@ -131,6 +131,10 @@
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-01-19 12:51:12.158607406 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2010-01-19 13:00:53.365857108 +0100
+@@ -131,7 +131,12 @@
')
optional_policy(`
@@ -4529,9 +4589,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
fail2ban_read_lib_files(sendmail_t)
++ fail2ban_rw_stream_sockets(sendmail_t)
')
-@@ -148,6 +152,7 @@
+ optional_policy(`
+@@ -148,6 +153,7 @@
optional_policy(`
postfix_domtrans_postdrop(sendmail_t)
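Review bot: The added `fail2ban_rw_stream_sockets(sendmail_t)` in the sendmail.te section has no comment or bug reference saying why sendmail needs it. Going by the interface name, it gives sendmail_t read/write access to fail2ban's stream sockets. If the denial behind it is only a socket descriptor inherited when fail2ban runs sendmail for notifications (an assumption, since the triggering AVC is not shown), a dontaudit rule would fit least privilege better than an allow. A one-line comment above the call would record the intent, for example `# fail2ban runs sendmail with its stream socket still open`. The interface definition is not in this part of the patch, so the exact permission set should be checked in fail2ban.if.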
@@ -4539,7 +4601,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
postfix_domtrans_master(sendmail_t)
postfix_read_config(sendmail_t)
postfix_search_spool(sendmail_t)
-@@ -186,6 +191,6 @@
+@@ -186,6 +192,6 @@
optional_policy(`
mta_etc_filetrans_aliases(unconfined_sendmail_t)
@@ -4548,8 +4610,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2009-07-17 08:50:23.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-01-19 12:51:12.160607451 +0100
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2010-01-19 12:51:30.859608518 +0100
@@ -81,6 +81,7 @@
domain_dontaudit_search_all_domains_state(setroubleshootd_t)
@@ -4570,7 +4632,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dbus_connect_system_bus(setroubleshootd_t)
dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.12/policy/modules/services/shorewall.fc
---- nsaserefpolicy/policy/modules/services/shorewall.fc 2009-06-25 10:19:44.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/shorewall.fc 2010-01-19 12:51:12.161608276 +0100
+++ serefpolicy-3.6.12/policy/modules/services/shorewall.fc 1970-01-01 01:00:00.000000000 +0100
@@ -1,12 +0,0 @@
-
@@ -4586,7 +4648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.12/policy/modules/services/shorewall.if
---- nsaserefpolicy/policy/modules/services/shorewall.if 2009-06-25 10:19:44.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/shorewall.if 2010-01-19 12:51:12.162608683 +0100
+++ serefpolicy-3.6.12/policy/modules/services/shorewall.if 1970-01-01 01:00:00.000000000 +0100
@@ -1,166 +0,0 @@
-## policy for shorewall
@@ -4756,7 +4818,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.12/policy/modules/services/shorewall.te
---- nsaserefpolicy/policy/modules/services/shorewall.te 2009-06-25 10:19:44.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/shorewall.te 2010-01-19 12:51:12.163608950 +0100
+++ serefpolicy-3.6.12/policy/modules/services/shorewall.te 1970-01-01 01:00:00.000000000 +0100
@@ -1,102 +0,0 @@
-policy_module(shorewall,1.0.0)
@@ -4862,8 +4924,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-permissive shorewall_t;
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.6.12/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/smartmon.te 2009-09-02 10:27:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-01-19 12:51:12.164608588 +0100
++++ serefpolicy-3.6.12/policy/modules/services/smartmon.te 2010-01-19 12:51:30.864608386 +0100
@@ -28,9 +28,9 @@
# Local policy
#
@@ -4878,7 +4940,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.6.12/policy/modules/services/snmp.if
--- nsaserefpolicy/policy/modules/services/snmp.if 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/snmp.if 2009-09-17 10:38:55.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/snmp.if 2010-01-19 12:51:30.864608386 +0100
@@ -28,6 +28,24 @@
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -4931,8 +4993,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.6.12/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/snmp.te 2010-01-05 18:41:36.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.te 2010-01-19 12:51:12.166620157 +0100
++++ serefpolicy-3.6.12/policy/modules/services/snmp.te 2010-01-19 12:51:30.866608710 +0100
@@ -27,7 +27,7 @@
#
allow snmpd_t self:capability { dac_override kill ipc_lock sys_ptrace net_admin sys_nice sys_tty_config };
@@ -4952,8 +5014,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_list_sysfs(snmpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-08-19 17:48:56.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-01-19 12:51:12.169618094 +0100
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2010-01-19 12:51:30.867608418 +0100
@@ -1,13 +1,15 @@
+/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -4980,8 +5042,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.12/policy/modules/services/spamassassin.if
---- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if 2010-01-05 18:39:03.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-01-19 12:51:12.170617872 +0100
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.if 2010-01-19 12:51:30.868612806 +0100
@@ -246,6 +246,24 @@
stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
')
@@ -5008,8 +5070,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-09-16 12:19:24.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-01-19 12:51:12.172608000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2010-01-19 12:51:30.870608939 +0100
@@ -263,6 +263,7 @@
corenet_tcp_sendrecv_generic_node(spamc_t)
corenet_tcp_connect_spamd_port(spamc_t)
@@ -5027,8 +5089,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.6.12/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/squid.te 2009-08-23 20:37:28.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/squid.te 2010-01-19 12:51:12.176608090 +0100
++++ serefpolicy-3.6.12/policy/modules/services/squid.te 2010-01-19 12:51:30.871608089 +0100
@@ -67,7 +67,9 @@
can_exec(squid_t, squid_exec_t)
@@ -5040,8 +5102,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.12/policy/modules/services/ssh.if
---- nsaserefpolicy/policy/modules/services/ssh.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ssh.if 2009-07-20 14:31:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/ssh.if 2010-01-19 12:51:12.179618389 +0100
++++ serefpolicy-3.6.12/policy/modules/services/ssh.if 2010-01-19 12:51:30.873608483 +0100
@@ -187,7 +187,7 @@
allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config };
@@ -5077,8 +5139,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.12/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2009-09-22 17:01:21.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/ssh.te 2010-01-19 12:51:12.180607272 +0100
++++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2010-01-19 12:51:30.874608540 +0100
@@ -133,6 +133,12 @@
read_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
read_lnk_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
@@ -5112,8 +5174,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.fc serefpolicy-3.6.12/policy/modules/services/sssd.fc
---- nsaserefpolicy/policy/modules/services/sssd.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.fc 2009-10-29 22:53:13.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/sssd.fc 2010-01-19 12:51:12.181611868 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sssd.fc 2010-01-19 12:51:30.875608179 +0100
@@ -1,6 +1,9 @@
+/etc/rc\.d/init\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0)
@@ -5127,8 +5189,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.6.12/policy/modules/services/sssd.if
---- nsaserefpolicy/policy/modules/services/sssd.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.if 2009-10-29 23:03:38.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/sssd.if 2010-01-19 12:51:12.182608294 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sssd.if 2010-01-19 12:51:30.876608376 +0100
@@ -1,5 +1,4 @@
-
-## policy for sssd
@@ -5155,7 +5217,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
##
## Search sssd lib directories.
-@@ -196,8 +192,7 @@
+@@ -196,8 +193,7 @@
')
files_search_pids($1)
@@ -5165,7 +5227,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -241,9 +235,7 @@
+@@ -241,9 +237,7 @@
role_transition $2 sssd_initrc_exec_t system_r;
allow $2 system_r;
@@ -5178,9 +5240,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.6.12/policy/modules/services/sssd.te
---- nsaserefpolicy/policy/modules/services/sssd.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/sssd.te 2009-10-29 23:01:59.000000000 +0100
-@@ -9,54 +10,51 @@
+--- nsaserefpolicy/policy/modules/services/sssd.te 2010-01-19 12:51:12.183620783 +0100
++++ serefpolicy-3.6.12/policy/modules/services/sssd.te 2010-01-19 12:51:30.878608770 +0100
+@@ -9,54 +9,51 @@
type sssd_exec_t;
init_daemon_domain(sssd_t, sssd_exec_t)
@@ -5253,7 +5315,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(sssd_t)
auth_domtrans_chk_passwd(sssd_t)
auth_domtrans_upd_passwd(sssd_t)
-@@ -68,6 +66,8 @@
+@@ -68,6 +65,8 @@
miscfiles_read_localization(sssd_t)
@@ -5264,7 +5326,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dbus_connect_system_bus(sssd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.6.12/policy/modules/services/tftp.fc
--- nsaserefpolicy/policy/modules/services/tftp.fc 2009-04-07 21:54:45.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/tftp.fc 2009-10-16 15:01:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/tftp.fc 2010-01-19 12:51:30.879608478 +0100
@@ -5,4 +5,4 @@
/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
/tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)
@@ -5272,8 +5334,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
+/var/lib/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te
---- nsaserefpolicy/policy/modules/services/uucp.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-07-07 09:47:39.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/uucp.te 2010-01-19 12:51:12.189618124 +0100
++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2010-01-19 12:51:30.880608326 +0100
@@ -95,6 +95,8 @@
files_search_home(uucpd_t)
files_search_spool(uucpd_t)
@@ -5284,8 +5346,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_syslog_msg(uucpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.12/policy/modules/services/virt.fc
---- nsaserefpolicy/policy/modules/services/virt.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/virt.fc 2009-09-16 13:17:05.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/virt.fc 2010-01-19 12:51:12.192608379 +0100
++++ serefpolicy-3.6.12/policy/modules/services/virt.fc 2010-01-19 12:51:30.882608650 +0100
@@ -10,6 +10,7 @@
/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
@@ -5295,8 +5357,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2010-01-06 14:47:34.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/virt.te 2010-01-19 12:51:12.195618608 +0100
++++ serefpolicy-3.6.12/policy/modules/services/virt.te 2010-01-19 12:51:30.883608708 +0100
@@ -22,6 +22,13 @@
##
@@ -5386,8 +5448,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.12/policy/modules/services/xserver.fc
---- nsaserefpolicy/policy/modules/services/xserver.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2009-09-29 18:24:34.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-01-19 12:51:12.197618304 +0100
++++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2010-01-19 12:51:30.884608137 +0100
@@ -13,6 +13,7 @@
HOME_DIR/\.dmrc -- gen_context(system_u:object_r:xdm_home_t,s0)
@@ -5413,8 +5475,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.12/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2009-08-05 23:23:17.000000000 +0200
+--- nsaserefpolicy/policy/modules/services/xserver.if 2010-01-19 12:51:12.199608012 +0100
++++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2010-01-19 12:51:30.886608531 +0100
@@ -599,9 +599,10 @@
#
interface(`xserver_use_xdm_fds',`
@@ -5489,8 +5551,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1 xdm_t:x_client { getattr destroy };
allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-11-16 15:19:31.000000000 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.te 2010-01-19 12:51:12.202607975 +0100
++++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2010-01-19 12:51:30.889608563 +0100
@@ -339,6 +339,8 @@
allow xdm_t self:appletalk_socket create_socket_perms;
allow xdm_t self:key { search link write };
@@ -5561,8 +5623,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
unconfined_domtrans(xserver_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.12/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-01-19 12:51:12.206620357 +0100
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2010-01-19 12:51:30.890608760 +0100
@@ -24,6 +24,8 @@
/usr/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
')
@@ -5578,8 +5640,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.12/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-10-29 23:01:14.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-01-19 12:51:12.208618307 +0100
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2010-01-19 12:51:30.893608653 +0100
@@ -30,6 +30,53 @@
dontaudit $2 shadow_t:file read_file_perms;
')
@@ -5918,8 +5980,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-')
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.12/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-01-19 12:51:12.210617933 +0100
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2010-01-19 12:51:30.895608838 +0100
@@ -1,5 +1,5 @@
-policy_module(authlogin, 2.0.0)
@@ -6016,9 +6078,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_manage_etc_files(updpwd_t)
term_dontaudit_use_console(updpwd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.6.12/policy/modules/system/hotplug.te
+--- nsaserefpolicy/policy/modules/system/hotplug.te 2009-04-07 21:54:48.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/hotplug.te 2010-01-19 12:58:18.335608750 +0100
+@@ -125,6 +125,10 @@
+ ')
+
+ optional_policy(`
++ brctl_domtrans(hotplug_t)
++')
++
++optional_policy(`
+ consoletype_exec(hotplug_t)
+ ')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.12/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/init.fc 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/init.fc 2010-01-19 12:51:12.213607908 +0100
++++ serefpolicy-3.6.12/policy/modules/system/init.fc 2010-01-19 12:51:30.895608838 +0100
@@ -6,6 +6,8 @@
/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)
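Review bot: The new hotplug.te section adds `brctl_domtrans(hotplug_t)` without a comment or bug reference naming the hotplug script that runs brctl. Transitioning into brctl's own domain is preferable to executing it inside hotplug_t, but the reason for the grant should be written down, for example `# hotplug network scripts run brctl to set up bridges` (presumed; confirm against the denial that motivated it). Because the call sits in an `optional_policy` block, the rule is dropped silently when the brctl module is not built, so it is worth confirming that the module is enabled in this policy build.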
@@ -6029,8 +6105,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-09-14 14:35:30.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/init.te 2010-01-19 12:51:12.218608055 +0100
++++ serefpolicy-3.6.12/policy/modules/system/init.te 2010-01-19 12:51:30.897609022 +0100
@@ -285,6 +285,7 @@
kernel_dontaudit_getattr_message_if(initrc_t)
kernel_stream_connect(initrc_t)
@@ -6066,8 +6142,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.12/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2009-08-20 13:08:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-01-19 12:51:12.219617681 +0100
++++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2010-01-19 12:51:30.898618857 +0100
@@ -1,11 +1,18 @@
-policy_module(ipsec, 1.9.0)
@@ -6251,8 +6327,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# allow setkey to set the context for ipsec SAs and policy.
ipsec_setcontext_default_spd(setkey_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.6.12/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/iptables.te 2009-10-29 22:49:15.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/iptables.te 2010-01-19 12:51:12.220618087 +0100
++++ serefpolicy-3.6.12/policy/modules/system/iptables.te 2010-01-19 12:51:30.899617658 +0100
@@ -101,10 +101,18 @@
')
@@ -6273,8 +6349,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-01-19 12:51:12.222607936 +0100
++++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2010-01-19 12:51:30.900616179 +0100
@@ -69,6 +69,7 @@
dev_rw_sysfs(iscsid_t)
@@ -6284,8 +6360,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(iscsid_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2010-01-05 18:53:24.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-01-19 12:51:12.224618317 +0100
++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2010-01-19 12:51:30.901607506 +0100
@@ -139,8 +139,10 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -6361,8 +6437,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.12/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-01-19 12:51:12.226618013 +0100
++++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2010-01-19 12:51:30.902612103 +0100
@@ -211,6 +211,7 @@
# Sulogin local policy
#
@@ -6384,8 +6460,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`sulogin_no_pam', `
allow sulogin_t self:capability sys_tty_config;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.6.12/policy/modules/system/logging.fc
---- nsaserefpolicy/policy/modules/system/logging.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/logging.fc 2009-09-29 18:32:45.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/logging.fc 2010-01-19 12:51:12.227608292 +0100
++++ serefpolicy-3.6.12/policy/modules/system/logging.fc 2010-01-19 12:51:30.903607202 +0100
@@ -50,6 +50,7 @@
')
@@ -6395,8 +6471,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.6.12/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/logging.te 2009-09-29 14:05:27.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/logging.te 2010-01-19 12:51:12.230617963 +0100
++++ serefpolicy-3.6.12/policy/modules/system/logging.te 2010-01-19 12:51:30.903607202 +0100
@@ -481,6 +481,10 @@
')
@@ -6410,7 +6486,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.6.12/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2009-04-07 21:54:48.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/miscfiles.fc 2009-07-30 17:46:06.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/miscfiles.fc 2010-01-19 12:51:30.904615849 +0100
@@ -11,6 +11,7 @@
/etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
@@ -6420,8 +6496,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
ifdef(`distro_redhat',`
/etc/sysconfig/clock -- gen_context(system_u:object_r:locale_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.6.12/policy/modules/system/miscfiles.if
---- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/miscfiles.if 2009-11-16 15:23:38.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-01-19 12:51:12.233607519 +0100
++++ serefpolicy-3.6.12/policy/modules/system/miscfiles.if 2010-01-19 12:51:30.905607456 +0100
@@ -272,6 +272,24 @@
allow $1 locale_t:file execute;
')
@@ -6448,8 +6524,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
## Do not audit attempts to search man pages.
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.12/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/mount.if 2009-09-08 13:12:41.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/mount.if 2010-01-19 12:51:12.236617958 +0100
++++ serefpolicy-3.6.12/policy/modules/system/mount.if 2010-01-19 12:51:30.907607780 +0100
@@ -175,7 +175,9 @@
interface(`mount_signal',`
gen_require(`
@@ -6461,8 +6537,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 unconfined_mount_t:process signal;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.12/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/mount.te 2009-08-11 10:04:04.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/mount.te 2010-01-19 12:51:12.238608295 +0100
++++ serefpolicy-3.6.12/policy/modules/system/mount.te 2010-01-19 12:51:30.908607838 +0100
@@ -72,6 +72,7 @@
dev_list_all_dev_nodes(mount_t)
dev_read_usbfs(mount_t)
@@ -6472,8 +6548,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
dev_dontaudit_getattr_all_chr_files(mount_t)
dev_dontaudit_getattr_memory_dev(mount_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.12/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if 2009-08-12 10:55:14.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-01-19 12:51:12.258607697 +0100
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.if 2010-01-19 12:51:30.909607476 +0100
@@ -281,6 +281,7 @@
')
@@ -6483,8 +6559,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.12/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2009-07-17 09:43:41.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-01-19 12:51:12.259607335 +0100
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2010-01-19 12:51:30.909607476 +0100
@@ -45,7 +45,7 @@
# DHCP client local policy
#
@@ -6542,7 +6618,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.12/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2009-04-07 21:54:48.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/udev.fc 2009-07-30 17:22:30.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/udev.fc 2010-01-19 12:51:30.910607394 +0100
@@ -5,6 +5,7 @@
/etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
@@ -6552,8 +6628,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-08-13 18:24:35.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/udev.te 2010-01-19 12:51:12.260607322 +0100
++++ serefpolicy-3.6.12/policy/modules/system/udev.te 2010-01-19 12:51:30.911607381 +0100
@@ -67,6 +67,7 @@
manage_dirs_pattern(udev_t,udev_var_run_t,udev_var_run_t)
@@ -6592,17 +6668,29 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_write_xen_state(udev_t)
kernel_read_xen_state(udev_t)
xen_manage_log(udev_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.12/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-01-19 12:51:12.261616599 +0100
++++ serefpolicy-3.6.12/policy/modules/system/unconfined.if 2010-01-19 13:07:33.863608811 +0100
+@@ -21,6 +21,8 @@
+ allow $1 self:capability all_capabilities;
+ allow $1 self:fifo_file manage_fifo_file_perms;
+
++ allow $1 self:socket_class_set create_socket_perms;
++
+ # Transition to myself, to make get_ordered_context_list happy.
+ allow $1 self:process transition;
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.6.12/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc 2010-01-06 16:10:17.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-01-19 12:51:12.263607495 +0100
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.fc 2010-01-19 12:51:30.911607381 +0100
@@ -5,3 +5,4 @@
/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
/dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0)
/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
+HOME_DIR/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2010-01-06 16:08:08.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-01-19 12:51:12.266607248 +0100
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2010-01-19 12:51:30.913607357 +0100
@@ -443,6 +443,9 @@
dev_rw_usbfs($1)
dev_rw_generic_usb_dev($1)
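Review bot: The new unconfined.if section in this hunk adds `allow $1 self:socket_class_set create_socket_perms;` with no comment, and the 3.6.12-94 %changelog in selinux-policy.spec does not mention it among its four items. As those macros are defined in the reference policy, the rule grants create plus the read/write socket permissions on every socket class at once, including the raw IP, packet and netlink classes, to each domain that calls this interface. I would put a comment above the rule, for example `# Unconfined domains may create and use their own sockets of any class (added for <AVC or bug reference>).`, and add a matching changelog line so the widening can be traced later. If only one or two classes were actually denied, naming them instead of `socket_class_set` would keep the grant easier to audit. The interface the rule sits in starts before line 21 of unconfined.if, outside the hunk, so its name and callers are not visible here.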
@@ -6728,8 +6816,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_lnk_files_pattern($1, home_cert_t, home_cert_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.6.12/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.te 2010-01-06 16:05:29.000000000 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-01-19 12:51:12.268618607 +0100
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.te 2010-01-19 12:51:30.915607401 +0100
@@ -92,6 +92,10 @@
dev_node(user_tty_device_t)
ubac_constrained(user_tty_device_t)
@@ -6742,8 +6830,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_use_console(userdomain)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.12/policy/modules/system/virtual.te
---- nsaserefpolicy/policy/modules/system/virtual.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/virtual.te 2010-01-19 12:51:12.270618023 +0100
++++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2010-01-19 12:51:30.915607401 +0100
@@ -38,6 +38,7 @@
dev_read_sound(virtualdomain)
dev_write_sound(virtualdomain)
@@ -6764,8 +6852,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
virt_read_lib_files(virtualdomain)
virt_read_content(virtualdomain)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.12/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2009-06-25 10:19:44.000000000 +0200
-+++ serefpolicy-3.6.12/policy/modules/system/xen.te 2009-06-25 10:21:01.000000000 +0200
+--- nsaserefpolicy/policy/modules/system/xen.te 2010-01-19 12:51:12.272607522 +0100
++++ serefpolicy-3.6.12/policy/modules/system/xen.te 2010-01-19 12:51:30.916615840 +0100
@@ -419,6 +419,7 @@
kernel_read_xen_state(xm_ssh_t)
kernel_write_xen_state(xm_ssh_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7e23039..440fbac 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 93%{?dist}
+Release: 94%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -442,6 +442,12 @@ exit 0
%endif
%changelog
+* Tue Jan 19 2010 Miroslav Grepl 3.6.12-94
+- Allow hotplug to transition to brctl domain
+- Allow sendmail to read and write to an fail2ban unix stream socket
+- Allow dovecot to read and write files stored on a NFS filesytem
+- Allow locate to read all noxattrfs symbolic links
+
* Wed Jan 6 2010 Miroslav Grepl 3.6.12-93
- Add labeling for /etc/NetworkManager directory
- Add home_cert type and appropriate labeling