diff --git a/modules-targeted.conf b/modules-targeted.conf
index 33de0d0..843f7fb 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1556,3 +1556,10 @@ munin = module
# An IRC to other chat networks gateway
#
bitlbee = module
+
+# Layer: services
+# Module: nx
+#
+# NX Remote Desktop
+#
+nx = module
diff --git a/policy-20070703.patch b/policy-20070703.patch
index 92b19e6..861116e 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -15607,7 +15607,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-13 08:42:50.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-15 13:51:25.000000000 -0500
@@ -26,7 +26,8 @@
type $1_chkpwd_t, can_read_shadow_passwords;
application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -15636,16 +15636,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
dontaudit $2 shadow_t:file { getattr read };
# Transition from the user domain to this domain.
-@@ -120,6 +119,8 @@
+@@ -120,6 +119,7 @@
# Write to the user domain tty.
userdom_use_user_terminals($1,$1_chkpwd_t)
+ userdom_dontaudit_write_user_home_content_files($1, pam_t)
-+
')
########################################
-@@ -169,6 +170,10 @@
+@@ -169,6 +169,10 @@
##
#
interface(`auth_login_pgm_domain',`
@@ -15656,7 +15655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
domain_type($1)
domain_subj_id_change_exemption($1)
-@@ -176,11 +181,34 @@
+@@ -176,11 +180,34 @@
domain_obj_id_change_exemption($1)
role system_r types $1;
@@ -15691,7 +15690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
selinux_get_fs_mount($1)
selinux_validate_context($1)
selinux_compute_access_vector($1)
-@@ -196,20 +224,48 @@
+@@ -196,20 +223,48 @@
mls_fd_share_all_levels($1)
auth_domtrans_chk_passwd($1)
@@ -15741,7 +15740,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
')
-@@ -309,9 +365,6 @@
+@@ -309,9 +364,6 @@
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
')
@@ -15751,7 +15750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
corecmd_search_bin($1)
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
-@@ -329,6 +382,8 @@
+@@ -329,6 +381,8 @@
optional_policy(`
kerberos_use($1)
@@ -15760,7 +15759,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
optional_policy(`
-@@ -347,6 +402,37 @@
+@@ -347,6 +401,37 @@
########################################
##
@@ -15798,7 +15797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Get the attributes of the shadow passwords file.
##
##
-@@ -695,6 +781,24 @@
+@@ -695,6 +780,24 @@
########################################
##
@@ -15823,7 +15822,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Execute pam programs in the PAM domain.
##
##
-@@ -1318,16 +1422,14 @@
+@@ -1318,16 +1421,14 @@
##
#
interface(`auth_use_nsswitch',`
@@ -15843,7 +15842,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
miscfiles_read_certs($1)
sysnet_dns_name_resolve($1)
-@@ -1347,6 +1449,8 @@
+@@ -1347,6 +1448,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
@@ -15852,7 +15851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
')
-@@ -1381,3 +1485,181 @@
+@@ -1381,3 +1484,181 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -16036,7 +16035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-13 08:42:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-15 13:51:53.000000000 -0500
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -16087,13 +16086,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
term_use_all_user_ttys(pam_t)
term_use_all_user_ptys(pam_t)
-@@ -111,19 +129,14 @@
+@@ -111,19 +129,15 @@
logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fds(pam_t)
+userdom_write_unpriv_users_tmp_files(pam_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
+userdom_unlink_unpriv_users_tmp_files(pam_t)
++userdom_append_unpriv_users_home_content_files(pam_t)
optional_policy(`
locallogin_use_fds(pam_t)
@@ -16110,7 +16110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
########################################
#
# PAM console local policy
-@@ -149,6 +162,8 @@
+@@ -149,6 +163,8 @@
dev_setattr_apm_bios_dev(pam_console_t)
dev_getattr_dri_dev(pam_console_t)
dev_setattr_dri_dev(pam_console_t)
@@ -16119,7 +16119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
dev_getattr_framebuffer_dev(pam_console_t)
dev_setattr_framebuffer_dev(pam_console_t)
dev_getattr_generic_usb_dev(pam_console_t)
-@@ -159,6 +174,8 @@
+@@ -159,6 +175,8 @@
dev_setattr_mouse_dev(pam_console_t)
dev_getattr_power_mgmt_dev(pam_console_t)
dev_setattr_power_mgmt_dev(pam_console_t)
@@ -16128,7 +16128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
dev_getattr_scanner_dev(pam_console_t)
dev_setattr_scanner_dev(pam_console_t)
dev_getattr_sound_dev(pam_console_t)
-@@ -200,6 +217,7 @@
+@@ -200,6 +218,7 @@
fs_list_auto_mountpoints(pam_console_t)
fs_list_noxattr_fs(pam_console_t)
@@ -16136,7 +16136,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
init_use_fds(pam_console_t)
init_use_script_ptys(pam_console_t)
-@@ -236,7 +254,7 @@
+@@ -236,7 +255,7 @@
optional_policy(`
xserver_read_xdm_pid(pam_console_t)
@@ -16145,7 +16145,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
########################################
-@@ -256,6 +274,7 @@
+@@ -256,6 +275,7 @@
userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t)
userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t)
userdom_dontaudit_use_sysadm_terms(system_chkpwd_t)
@@ -16153,7 +16153,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
########################################
#
-@@ -302,3 +321,28 @@
+@@ -302,3 +322,28 @@
xserver_use_xdm_fds(utempter_t)
xserver_rw_xdm_pipes(utempter_t)
')
@@ -16635,7 +16635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.0.8/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-01-08 13:53:49.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-01-15 09:56:24.000000000 -0500
@@ -10,6 +10,20 @@
# Declarations
#
@@ -16764,7 +16764,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+# Cron jobs used to start and stop services
+optional_policy(`
-+ cron_read_pipes(daemon)
++ cron_rw_pipes(daemon)
+')
+
+optional_policy(`
@@ -17033,7 +17033,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-14 12:58:26.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-15 08:23:50.000000000 -0500
@@ -65,11 +65,15 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -19747,7 +19747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 08:07:59.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 13:51:31.000000000 -0500
@@ -29,8 +29,9 @@
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c3cbc43..c0e1bc4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 76%{?dist}
+Release: 77%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@ exit 0
%endif
%changelog
+* Tue Jan 15 2008 Dan Walsh 3.0.8-77
+- Allow daemons to write to cron fifo_files
+
* Mon Jan 14 2008 Dan Walsh 3.0.8-76
- Fix filecontext for networkmanagerlog files
- Allow mount to read samba config