fedora-cvs-commits@redhat.com

rpms/selinux-policy/devel policy-20060207.patch, 1.52, 1.53 selinux-poli

Subject: rpms/selinux-policy/devel policy-20060207.patch, 1.52, 1.53 selinux-policy.spec, 1.155, 1.156
From:
Date: Tue, 21 Mar 2006 10:42:42 -0500
Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv22945

Modified Files:
        policy-20060207.patch selinux-policy.spec 
Log Message:
* Wed Mar 17 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 2.2.24-1
- Update to upstream


policy-20060207.patch:
 Rules.modular                           |    2 
 policy/mcs                              |    4 
 policy/modules/admin/bootloader.te      |    2 
 policy/modules/admin/dmidecode.te       |    2 
 policy/modules/admin/readahead.te       |    2 
 policy/modules/admin/rpm.fc             |    2 
 policy/modules/admin/rpm.if             |    3 
 policy/modules/admin/rpm.te             |    1 
 policy/modules/admin/su.fc              |    1 
 policy/modules/admin/su.if              |    6 
 policy/modules/admin/updfstab.te        |    4 
 policy/modules/admin/vbetool.te         |    9 +
 policy/modules/kernel/corenetwork.te.in |    5 
 policy/modules/kernel/devices.fc        |    1 
 policy/modules/kernel/devices.if        |   21 ++-
 policy/modules/kernel/files.fc          |    8 -
 policy/modules/kernel/files.if          |   21 ++-
 policy/modules/kernel/filesystem.te     |    1 
 policy/modules/kernel/kernel.if         |  102 ++++++++++++++
 policy/modules/kernel/kernel.te         |    3 
 policy/modules/kernel/terminal.if       |    2 
 policy/modules/services/apache.fc       |    2 
 policy/modules/services/apache.if       |    5 
 policy/modules/services/apm.fc          |    2 
 policy/modules/services/apm.te          |    4 
 policy/modules/services/bluetooth.te    |   38 ++---
 policy/modules/services/cron.te         |    3 
 policy/modules/services/cups.fc         |    2 
 policy/modules/services/cups.if         |   22 +++
 policy/modules/services/cups.te         |    7 -
 policy/modules/services/cvs.te          |    2 
 policy/modules/services/hal.if          |   41 +++++
 policy/modules/services/hal.te          |   17 ++
 policy/modules/services/ktalk.fc        |    1 
 policy/modules/services/ktalk.te        |    6 
 policy/modules/services/mailman.if      |   25 +++
 policy/modules/services/nis.fc          |    1 
 policy/modules/services/nis.if          |   25 +++
 policy/modules/services/nis.te          |   28 ++++
 policy/modules/services/nscd.if         |    2 
 policy/modules/services/pegasus.te      |    1 
 policy/modules/services/postfix.te      |    4 
 policy/modules/services/samba.te        |    2 
 policy/modules/services/sendmail.te     |    1 
 policy/modules/services/xserver.if      |   20 ++
 policy/modules/system/fstools.if        |   18 ++
 policy/modules/system/fstools.te        |    7 +
 policy/modules/system/init.te           |    5 
 policy/modules/system/libraries.fc      |    2 
 policy/modules/system/locallogin.te     |    1 
 policy/modules/system/lvm.fc            |    1 
 policy/modules/system/lvm.te            |    3 
 policy/modules/system/mount.te          |    3 
 policy/modules/system/selinuxutil.fc    |    6 
 policy/modules/system/selinuxutil.if    |   23 ++-
 policy/modules/system/selinuxutil.te    |   16 ++
 policy/modules/system/sysnetwork.te     |    7 +
 policy/modules/system/udev.te           |    2 
 policy/modules/system/unconfined.te     |    8 -
 policy/modules/system/userdomain.te     |    1 
 policy/modules/system/xend.fc           |   23 +++
 policy/modules/system/xend.if           |   71 ++++++++++
 policy/modules/system/xend.te           |  219 ++++++++++++++++++++++++++++++++
 63 files changed, 813 insertions(+), 66 deletions(-)

Index: policy-20060207.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060207.patch,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- policy-20060207.patch       18 Mar 2006 04:09:10 -0000      1.52
+++ policy-20060207.patch       21 Mar 2006 15:42:38 -0000      1.53
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs 
serefpolicy-2.2.23/policy/mcs
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs 
serefpolicy-2.2.24/policy/mcs
 --- nsaserefpolicy/policy/mcs  2006-02-16 14:46:56.000000000 -0500
-+++ serefpolicy-2.2.23/policy/mcs      2006-03-09 10:26:36.000000000 -0500
++++ serefpolicy-2.2.24/policy/mcs      2006-03-17 14:30:03.000000000 -0500
 @@ -141,9 +141,7 @@
  
  mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
@@ -12,9 +12,9 @@
  
  # new file labels must be dominated by the relabeling subject clearance
  mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { 
relabelfrom }
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/bootloader.te 
serefpolicy-2.2.23/policy/modules/admin/bootloader.te
---- nsaserefpolicy/policy/modules/admin/bootloader.te  2006-03-02 
18:45:54.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/bootloader.te      2006-03-13 
12:23:12.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/bootloader.te 
serefpolicy-2.2.24/policy/modules/admin/bootloader.te
+--- nsaserefpolicy/policy/modules/admin/bootloader.te  2006-03-17 
13:51:46.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/bootloader.te      2006-03-17 
14:30:03.000000000 -0500
 @@ -103,7 +103,7 @@
  files_manage_boot_symlinks(bootloader_t)
  files_read_etc_files(bootloader_t)
@@ -24,9 +24,9 @@
  files_read_usr_src_files(bootloader_t)
  files_read_usr_files(bootloader_t)
  files_read_var_files(bootloader_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/dmidecode.te 
serefpolicy-2.2.23/policy/modules/admin/dmidecode.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/dmidecode.te 
serefpolicy-2.2.24/policy/modules/admin/dmidecode.te
 --- nsaserefpolicy/policy/modules/admin/dmidecode.te   2006-03-04 
00:06:33.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/dmidecode.te       2006-03-13 
12:26:24.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/dmidecode.te       2006-03-17 
14:30:03.000000000 -0500
 @@ -32,6 +32,8 @@
  
  locallogin_use_fds(dmidecode_t)
@@ -36,9 +36,9 @@
  ifdef(`targeted_policy',`
        term_use_generic_ptys(dmidecode_t)
        term_use_unallocated_ttys(dmidecode_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/readahead.te 
serefpolicy-2.2.23/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te   2006-03-04 
00:06:33.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/readahead.te       2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/readahead.te 
serefpolicy-2.2.24/policy/modules/admin/readahead.te
+--- nsaserefpolicy/policy/modules/admin/readahead.te   2006-03-17 
13:51:47.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/readahead.te       2006-03-17 
14:30:03.000000000 -0500
 @@ -18,7 +18,7 @@
  # Local policy
  #
@@ -48,10 +48,10 @@
  allow readahead_t self:process signal_perms;
  
  allow readahead_t readahead_var_run_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.fc 
serefpolicy-2.2.23/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-01-27 21:35:04.000000000 
-0500
-+++ serefpolicy-2.2.23/policy/modules/admin/rpm.fc     2006-03-07 
15:39:28.000000000 -0500
-@@ -25,7 +25,7 @@
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.fc 
serefpolicy-2.2.24/policy/modules/admin/rpm.fc
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-03-17 13:51:47.000000000 
-0500
++++ serefpolicy-2.2.24/policy/modules/admin/rpm.fc     2006-03-17 
14:30:03.000000000 -0500
+@@ -22,7 +22,7 @@
  /var/lib/rpm(/.*)?                    
gen_context(system_u:object_r:rpm_var_lib_t,s0)
  
  /var/log/rpmpkgs.*            --      
gen_context(system_u:object_r:rpm_log_t,s0)
@@ -60,9 +60,9 @@
  
  # SuSE
  ifdef(`distro_suse', `
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.if 
serefpolicy-2.2.23/policy/modules/admin/rpm.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.if 
serefpolicy-2.2.24/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if 2006-03-04 00:06:33.000000000 
-0500
-+++ serefpolicy-2.2.23/policy/modules/admin/rpm.if     2006-03-14 
17:08:39.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/rpm.if     2006-03-17 
14:30:03.000000000 -0500
 @@ -78,6 +78,9 @@
        role $2 types rpm_t;
        role $2 types rpm_script_t;
@@ -73,9 +73,9 @@
        allow rpm_t $3:chr_file rw_term_perms;
  ')
  
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.te 
serefpolicy-2.2.23/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2006-03-04 00:06:33.000000000 
-0500
-+++ serefpolicy-2.2.23/policy/modules/admin/rpm.te     2006-03-15 
09:22:44.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.te 
serefpolicy-2.2.24/policy/modules/admin/rpm.te
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2006-03-17 13:51:47.000000000 
-0500
++++ serefpolicy-2.2.24/policy/modules/admin/rpm.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -326,6 +326,7 @@
  
  seutil_domtrans_loadpolicy(rpm_script_t)
@@ -84,17 +84,17 @@
  
  userdom_use_all_users_fds(rpm_script_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc 
serefpolicy-2.2.23/policy/modules/admin/su.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc 
serefpolicy-2.2.24/policy/modules/admin/su.fc
 --- nsaserefpolicy/policy/modules/admin/su.fc  2005-11-14 18:24:06.000000000 
-0500
-+++ serefpolicy-2.2.23/policy/modules/admin/su.fc      2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/su.fc      2006-03-17 
14:30:03.000000000 -0500
 @@ -2,3 +2,4 @@
  /bin/su                       --      
gen_context(system_u:object_r:su_exec_t,s0)
  
  /usr(/local)?/bin/ksu --      gen_context(system_u:object_r:su_exec_t,s0)
 +/usr/bin/kdesu                --      
gen_context(system_u:object_r:su_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if 
serefpolicy-2.2.23/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if 
serefpolicy-2.2.24/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if  2006-03-04 00:06:33.000000000 
-0500
-+++ serefpolicy-2.2.23/policy/modules/admin/su.if      2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/su.if      2006-03-17 
14:30:03.000000000 -0500
 @@ -141,10 +141,10 @@
  
        # By default, revert to the calling domain when a shell is executed.
@@ -109,9 +109,9 @@
  
        kernel_read_system_state($1_su_t)
        kernel_read_kernel_sysctls($1_su_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/updfstab.te 
serefpolicy-2.2.23/policy/modules/admin/updfstab.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/updfstab.te 
serefpolicy-2.2.24/policy/modules/admin/updfstab.te
 --- nsaserefpolicy/policy/modules/admin/updfstab.te    2006-03-04 
00:06:33.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/updfstab.te        2006-03-14 
11:34:03.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/updfstab.te        2006-03-17 
14:30:03.000000000 -0500
 @@ -125,6 +125,6 @@
        udev_read_db(updfstab_t)
  ')
@@ -121,9 +121,9 @@
 +optional_policy(`fstools',`
 +      fstools_getattr_swap_files(updfstab_t)
  ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/vbetool.te 
serefpolicy-2.2.23/policy/modules/admin/vbetool.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/vbetool.te 
serefpolicy-2.2.24/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te     2006-02-01 
08:23:27.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/admin/vbetool.te 2006-03-09 
16:31:49.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/admin/vbetool.te 2006-03-17 
14:30:03.000000000 -0500
 @@ -15,6 +15,7 @@
  # Local policy
  #
@@ -144,20 +144,31 @@
 +optional_policy(`hal',`
 +      hal_rw_var_run(vbetool_t)
 +')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 
serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in     2006-02-20 
14:07:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/corenetwork.te.in 2006-03-07 
13:42:37.000000000 -0500
-@@ -126,6 +126,7 @@
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 
serefpolicy-2.2.24/policy/modules/kernel/corenetwork.te.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in     2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/corenetwork.te.in 2006-03-21 
08:10:24.000000000 -0500
+@@ -66,7 +66,7 @@
+ network_port(giftd, tcp,1213,s0)
+ network_port(gopher, tcp,70,s0, udp,70,s0)
+ network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) 
# 8118 is for privoxy
+-network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0)
++network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp, 9050, 
s0) # 9050 is for Tor
+ network_port(howl, tcp,5335,s0, udp,5353,s0)
+ network_port(hplip, tcp,50000,s0, tcp,50002,s0)
+ network_port(i18n_input, tcp,9010,s0)
+@@ -126,7 +126,8 @@
+ type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined 
portcon
  network_port(uucpd, tcp,540,s0)
  network_port(vnc, tcp,5900,s0)
- network_port(xserver, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, 
tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, 
tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, 
tcp,6017,s0, tcp,6018,s0, tcp,6019,s0)
+-network_port(xserver, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, 
tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, 
tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, 
tcp,6017,s0, tcp,6018,s0, tcp,6019,s0)
++network_port(xserver, tcp, 6000, s0, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, 
tcp,6004,s0, tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, 
tcp,6010,s0, tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, 
tcp,6016,s0, tcp,6017,s0, tcp,6018,s0, tcp,6019,s0)
 +network_port(xen, tcp,8002,s0)
  network_port(zebra, tcp,2601,s0)
  network_port(zope, tcp,8021,s0)
  
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/devices.fc 
serefpolicy-2.2.23/policy/modules/kernel/devices.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/devices.fc 
serefpolicy-2.2.24/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc    2006-02-27 
17:17:23.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/devices.fc        2006-03-08 
17:34:22.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/devices.fc        2006-03-17 
14:30:03.000000000 -0500
 @@ -33,6 +33,7 @@
  /dev/par.*            -c      
gen_context(system_u:object_r:printer_device_t,s0)
  /dev/patmgr[01]               -c      
gen_context(system_u:object_r:sound_device_t,s0)
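Review bot: Adding `tcp, 9050, s0` to `network_port(http, ...)` in corenetwork.te.in gives the Tor port the same port type as 80 and 443, so every rule written against the http port type now presumably also covers 9050, for binding as well as for connecting. Which domains hold those permissions is not visible in this hunk, so the effective widening should be checked against the interfaces that reference the http port type. If the aim is only to let one client reach a local Tor listener, a separate declaration such as `network_port(tor, tcp,9050,s0)` with its own connect rule would keep that grant narrow and auditable. As a style point, the new `tcp, 9050, s0` and `tcp, 6000, s0` entries put spaces after the commas, unlike every other entry in these lists; `tcp,9050,s0` and `tcp,6000,s0` would match.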
@@ -166,10 +177,10 @@
  /dev/port             -c      
gen_context(system_u:object_r:memory_device_t,s15:c0.c255)
  /dev/(misc/)?psaux    -c      gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/rmidi.*          -c      gen_context(system_u:object_r:sound_device_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/devices.if 
serefpolicy-2.2.23/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if    2006-02-23 
09:25:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/devices.if        2006-03-09 
16:17:57.000000000 -0500
-@@ -2384,7 +2384,7 @@
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/devices.if 
serefpolicy-2.2.24/policy/modules/kernel/devices.if
+--- nsaserefpolicy/policy/modules/kernel/devices.if    2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/devices.if        2006-03-17 
14:30:03.000000000 -0500
+@@ -2382,7 +2382,7 @@
        ')
  
        allow $1 device_t:dir r_dir_perms;
@@ -178,7 +189,7 @@
  ')
  
  ########################################
-@@ -2732,3 +2732,22 @@
+@@ -2769,3 +2769,22 @@
        typeattribute $1 memory_raw_write, memory_raw_read;
  ')
  
@@ -201,9 +212,9 @@
 +      dontaudit $1 device_node:dir_file_class_set getattr;
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/files.fc 
serefpolicy-2.2.23/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/files.fc 
serefpolicy-2.2.24/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc      2006-03-04 
00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/files.fc  2006-03-08 
16:26:29.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/files.fc  2006-03-17 
14:30:03.000000000 -0500
 @@ -45,7 +45,7 @@
  /etc(/.*)?                    gen_context(system_u:object_r:etc_t,s0)
  /etc/\.fstab\.hal\..+ --      gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -240,9 +251,9 @@
  HOME_ROOT/\.journal           <<none>>
  HOME_ROOT/lost\+found -d      
gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
  HOME_ROOT/lost\+found/.*              <<none>>
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/files.if 
serefpolicy-2.2.23/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if      2006-03-04 
00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/files.if  2006-03-09 
11:17:00.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/files.if 
serefpolicy-2.2.24/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if      2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/files.if  2006-03-17 
14:30:03.000000000 -0500
 @@ -1648,6 +1648,21 @@
  ')
  
@@ -273,7 +284,7 @@
        allow $1 etc_runtime_t:file create_file_perms;
        type_transition $1 etc_t:file etc_runtime_t;
  ')
-@@ -3789,12 +3805,13 @@
+@@ -3808,12 +3824,13 @@
  
        # Need to give permission to create directories where applicable
        allow $1 self:process setfscreate;
@@ -289,17 +300,17 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/filesystem.te 
serefpolicy-2.2.23/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-02-14 
07:20:25.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/filesystem.te     2006-03-08 
11:55:28.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/filesystem.te 
serefpolicy-2.2.24/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/filesystem.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -167,3 +167,4 @@
  genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
  genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
  genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
 +genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/kernel.if 
serefpolicy-2.2.23/policy/modules/kernel/kernel.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/kernel.if 
serefpolicy-2.2.24/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if     2006-03-04 
00:06:34.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/kernel.if 2006-03-07 
14:00:35.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/kernel.if 2006-03-17 
14:30:03.000000000 -0500
 @@ -1044,6 +1044,7 @@
  
        allow $1 proc_t:dir search;
@@ -420,9 +431,9 @@
 +      allow $1 proc_xen_t:dir r_dir_perms;
 +      allow $1 proc_xen_t:file write;
 +')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/kernel.te 
serefpolicy-2.2.23/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te     2006-02-07 
10:43:26.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/kernel/kernel.te 2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/kernel.te 
serefpolicy-2.2.24/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te     2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/kernel.te 2006-03-17 
14:30:03.000000000 -0500
 @@ -75,6 +75,9 @@
  type proc_net_t, proc_type;
  genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
@@ -433,9 +444,22 @@
  #
  # Sysctl types
  #
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apache.fc 
serefpolicy-2.2.23/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/kernel/terminal.if 
serefpolicy-2.2.24/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if   2006-02-14 
07:20:25.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/kernel/terminal.if       2006-03-17 
14:30:03.000000000 -0500
+@@ -588,8 +588,8 @@
+               type devpts_t;
+       ')
+ 
+-      dev_list_all_dev_nodes($1)
+       allow $1 devpts_t:dir r_dir_perms;
++      dev_list_all_dev_nodes($1)
+       allow $1 ptynode:chr_file { rw_term_perms lock append };
+ ')
+ 
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apache.fc 
serefpolicy-2.2.24/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc   2006-02-27 
17:17:23.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apache.fc       2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/apache.fc       2006-03-17 
14:30:03.000000000 -0500
 @@ -15,6 +15,7 @@
  /etc/vhosts                   --      
gen_context(system_u:object_r:httpd_config_t,s0)
  
@@ -449,9 +473,9 @@
  /var/www/icons(/.*)?                  
gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/www/perl(/.*)?                   
gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 +/usr/share/selinux-policy([^/]*)?/html(/.*)?  
gen_context(system_u:object_r:httpd_sys_content_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apache.if 
serefpolicy-2.2.23/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if   2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apache.if       2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apache.if 
serefpolicy-2.2.24/policy/modules/services/apache.if
+--- nsaserefpolicy/policy/modules/services/apache.if   2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/apache.if       2006-03-17 
14:30:03.000000000 -0500
 @@ -12,6 +12,11 @@
  ## </param>
  #
@@ -464,9 +488,9 @@
        # allow write access to public file transfer
        # services files.
        gen_tunable(allow_httpd_$1_script_anon_write,false)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apm.fc 
serefpolicy-2.2.23/policy/modules/services/apm.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apm.fc 
serefpolicy-2.2.24/policy/modules/services/apm.fc
 --- nsaserefpolicy/policy/modules/services/apm.fc      2005-11-14 
18:24:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apm.fc  2006-03-07 
15:38:20.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/apm.fc  2006-03-17 
14:30:03.000000000 -0500
 @@ -11,7 +11,7 @@
  #
  # /var
@@ -476,9 +500,9 @@
  
  /var/run/\.?acpid\.socket -s  gen_context(system_u:object_r:apmd_var_run_t,s0)
  /var/run/apmd\.pid    --      gen_context(system_u:object_r:apmd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apm.te 
serefpolicy-2.2.23/policy/modules/services/apm.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/apm.te 
serefpolicy-2.2.24/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te      2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/apm.te  2006-03-08 
13:36:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/apm.te  2006-03-17 
14:30:03.000000000 -0500
 @@ -225,6 +225,10 @@
        pcmcia_domtrans_cardctl(apmd_t)
  ')
@@ -490,9 +514,9 @@
  optional_policy(`selinuxutil',`
        seutil_sigchld_newrole(apmd_t)
  ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/bluetooth.te 
serefpolicy-2.2.23/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te        2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/bluetooth.te    2006-03-16 
09:30:42.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/bluetooth.te 
serefpolicy-2.2.24/policy/modules/services/bluetooth.te
+--- nsaserefpolicy/policy/modules/services/bluetooth.te        2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/bluetooth.te    2006-03-21 
08:22:49.000000000 -0500
 @@ -115,6 +115,7 @@
  corecmd_exec_shell(bluetooth_t)
  
@@ -521,42 +545,62 @@
  
  allow bluetooth_helper_t bluetooth_t:socket { read write };
  
-@@ -202,20 +208,17 @@
+@@ -182,8 +188,6 @@
+ 
+ dev_read_urand(bluetooth_helper_t)
+ 
+-term_dontaudit_use_all_user_ttys(bluetooth_helper_t)
+-
+ corecmd_exec_bin(bluetooth_helper_t)
+ corecmd_exec_shell(bluetooth_helper_t)
+ 
+@@ -202,29 +206,27 @@
  miscfiles_read_localization(bluetooth_helper_t) 
  miscfiles_read_fonts(bluetooth_helper_t)
  
 -userdom_search_all_users_home_content(bluetooth_helper_t)
--
++sysnet_read_config(bluetooth_helper_t)
++
++term_dontaudit_use_all_user_ttys(bluetooth_helper_t)
+ 
  optional_policy(`nscd',`
        nscd_socket_use(bluetooth_helper_t)
  ')
  
-+optional_policy(`xserver', `
-+              xserver_stream_connect_xdm(bluetooth_helper_t)
-+');   
-+
- ifdef(`TODO',`
- allow bluetooth_helper_t tmp_t:dir search;
- 
+-ifdef(`TODO',`
+-allow bluetooth_helper_t tmp_t:dir search;
+-
 -ifdef(`xserver.te', `
 -      allow bluetooth_helper_t xserver_log_t:dir search;
 -      allow bluetooth_helper_t xserver_log_t:file { getattr read };
 -')
 -
- ifdef(`strict_policy',`
-       ifdef(`xdm.te',`
-               allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read 
write };
-@@ -227,4 +230,7 @@
-       files_rw_generic_tmp_sockets(bluetooth_helper_t)
-       allow bluetooth_helper_t tmpfs_t:file { read write };
-       allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
-+      userdom_read_all_users_home_content_files(bluetooth_helper_t)
+-ifdef(`strict_policy',`
+-      ifdef(`xdm.te',`
+-              allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read 
write };
+-      ')
+-')
+-') dnl end TODO
++optional_policy(`locallogin', `
++      locallogin_dontaudit_use_fds(bluetooth_helper_t)
++');
 +
++optional_policy(`xserver', `
++      xserver_rw_xdm_sockets(bluetooth_helper_t)
 +      xserver_stream_connect_xdm(bluetooth_helper_t)
++');   
+ 
+ ifdef(`targeted_policy',`
++      userdom_read_all_users_home_content_files(bluetooth_helper_t)
++# Not sure we need the following anymore ????
+       files_rw_generic_tmp_sockets(bluetooth_helper_t)
+-      allow bluetooth_helper_t tmpfs_t:file { read write };
+       allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
++      allow bluetooth_helper_t tmpfs_t:file { read write };
  ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cron.te 
serefpolicy-2.2.23/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te     2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cron.te 2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cron.te 
serefpolicy-2.2.24/policy/modules/services/cron.te
+--- nsaserefpolicy/policy/modules/services/cron.te     2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/cron.te 2006-03-17 
14:30:03.000000000 -0500
 @@ -166,6 +166,9 @@
  
        allow crond_t unconfined_t:dbus send_msg;
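Review bot: The `# Not sure we need the following anymore ????` comment in the `targeted_policy` block of bluetooth.te leaves three grants to `bluetooth_helper_t` without a recorded reason: `files_rw_generic_tmp_sockets`, `connectto` on `unconfined_t` unix stream sockets, and read/write on `tmpfs_t` files. I would either drop them after confirming that no AVC denials appear with them removed, or replace the comment with one naming the consumer, e.g. `# needed for <component>: talks to the session over a socket in /tmp`. The same block now also calls `userdom_read_all_users_home_content_files(bluetooth_helper_t)`, which by its name grants read access to every user's home content; that deserves a why-comment or a narrower interface. Separately, the `');` that closes the two new `optional_policy` blocks carries a stray semicolon, and one has trailing whitespace; a plain `')` would match the other blocks in the file.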
@@ -567,9 +611,9 @@
  ',`
        allow crond_t crond_tmp_t:dir create_dir_perms;
        allow crond_t crond_tmp_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.fc 
serefpolicy-2.2.23/policy/modules/services/cups.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.fc 
serefpolicy-2.2.24/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc     2005-11-14 
18:24:08.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.fc 2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/cups.fc 2006-03-17 
14:30:03.000000000 -0500
 @@ -43,7 +43,7 @@
  /var/log/cups(/.*)?           gen_context(system_u:object_r:cupsd_log_t,s0)
  /var/log/turboprint_cups\.log.* -- 
gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -579,9 +623,9 @@
  /var/run/hp.*\.pid    --      
gen_context(system_u:object_r:hplip_var_run_t,s0)
  /var/run/hp.*\.port   --      
gen_context(system_u:object_r:hplip_var_run_t,s0)
  /var/run/ptal-printd(/.*)?    gen_context(system_u:object_r:ptal_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.if 
serefpolicy-2.2.23/policy/modules/services/cups.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.if 
serefpolicy-2.2.24/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if     2006-02-23 
09:25:09.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.if 2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/cups.if 2006-03-17 
14:30:03.000000000 -0500
 @@ -226,3 +226,25 @@
        allow cupsd_t $1:tcp_socket { acceptfrom recvfrom };
        kernel_tcp_recvfrom($1)
@@ -608,9 +652,9 @@
 +      allow $1 cupsd_t:unix_stream_socket connectto;
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.te 
serefpolicy-2.2.23/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te     2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cups.te 2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cups.te 
serefpolicy-2.2.24/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te     2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/cups.te 2006-03-17 
14:30:03.000000000 -0500
 @@ -77,7 +77,7 @@
  dontaudit cupsd_t self:capability { sys_tty_config net_admin };
  allow cupsd_t self:process { setsched signal_perms };
@@ -653,9 +697,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cvs.te 
serefpolicy-2.2.23/policy/modules/services/cvs.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/cvs.te 
serefpolicy-2.2.24/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te      2006-03-04 
00:06:35.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/cvs.te  2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/cvs.te  2006-03-17 
14:30:03.000000000 -0500
 @@ -11,7 +11,7 @@
  inetd_tcp_service_domain(cvs_t,cvs_exec_t)
  role system_r types cvs_t;
@@ -665,9 +709,9 @@
  files_type(cvs_data_t)
  
  type cvs_tmp_t;
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/hal.if 
serefpolicy-2.2.23/policy/modules/services/hal.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/hal.if 
serefpolicy-2.2.24/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if      2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/hal.if  2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/hal.if  2006-03-17 
14:30:03.000000000 -0500
 @@ -100,3 +100,44 @@
        allow $1 hald_t:dbus send_msg;
        allow hald_t $1:dbus send_msg;
@@ -713,9 +757,9 @@
 +      allow $1 hald_var_run_t:file rw_file_perms;
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/hal.te 
serefpolicy-2.2.23/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te      2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/hal.te  2006-03-09 
16:33:41.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/hal.te 
serefpolicy-2.2.24/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te      2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/hal.te  2006-03-21 
08:06:25.000000000 -0500
 @@ -22,7 +22,7 @@
  #
  
@@ -772,17 +816,28 @@
  optional_policy(`mount',`
        mount_domtrans(hald_t)
  ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/ktalk.fc 
serefpolicy-2.2.23/policy/modules/services/ktalk.fc
+@@ -203,6 +210,10 @@
+       nis_use_ypbind(hald_t)
+ ')
+ 
++optional_policy(`hal', `
++        hal_domtrans(ntpd_t)
++');
++
+ optional_policy(`nscd',`
+       nscd_socket_use(hald_t)
+ ')
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/ktalk.fc 
serefpolicy-2.2.24/policy/modules/services/ktalk.fc
 --- nsaserefpolicy/policy/modules/services/ktalk.fc    2006-02-20 
14:07:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/ktalk.fc        2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/ktalk.fc        2006-03-17 
14:30:03.000000000 -0500
 @@ -1,3 +1,4 @@
  
  /usr/bin/in.talkd             --      
gen_context(system_u:object_r:ktalkd_exec_t,s0)
  /usr/bin/ktalkd               --      
gen_context(system_u:object_r:ktalkd_exec_t,s0)
 +/var/log/talkd.*      --      gen_context(system_u:object_r:ktalkd_log_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/ktalk.te 
serefpolicy-2.2.23/policy/modules/services/ktalk.te
---- nsaserefpolicy/policy/modules/services/ktalk.te    2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/ktalk.te        2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/ktalk.te 
serefpolicy-2.2.24/policy/modules/services/ktalk.te
+--- nsaserefpolicy/policy/modules/services/ktalk.te    2006-03-17 
13:51:48.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/ktalk.te        2006-03-17 
14:30:03.000000000 -0500
 @@ -14,6 +14,9 @@
  type ktalkd_tmp_t;
  files_tmp_file(ktalkd_tmp_t)
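Review bot: The block added to hal.te calls `hal_domtrans(ntpd_t)`, which names a domain from another service and is guarded by an optional on the `hal` module itself, while every neighbouring block in this hunk grants access to `hald_t`. If the intent is to let ntpd start hald, the call presumably belongs in the module that declares `ntpd_t`, where the optional on `hal` would be meaningful; if it was meant to apply to hald, the argument is wrong. The block also closes with `');` where the surrounding optional_policy blocks close with `')`, so the stray semicolon should be dropped. Only a fragment of hal.te is visible here, so whether `ntpd_t` is in scope in this module cannot be confirmed from the hunk.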
@@ -806,9 +861,9 @@
  
  miscfiles_read_localization(ktalkd_t)
  
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/mailman.if 
serefpolicy-2.2.23/policy/modules/services/mailman.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/mailman.if 
serefpolicy-2.2.24/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if  2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/mailman.if      2006-03-08 
16:59:01.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/mailman.if      2006-03-17 
14:30:03.000000000 -0500
 @@ -275,3 +275,28 @@
        allow $1 mailman_archive_t:file r_file_perms;
        allow $1 mailman_archive_t:lnk_file { getattr read };
@@ -838,17 +893,17 @@
 +      allow mailman_queue_t $1:process sigchld;
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.fc 
serefpolicy-2.2.23/policy/modules/services/nis.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.fc 
serefpolicy-2.2.24/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc      2005-11-28 
21:48:04.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/nis.fc  2006-03-10 
16:47:00.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/nis.fc  2006-03-17 
14:30:03.000000000 -0500
 @@ -7,3 +7,4 @@
  /usr/sbin/ypserv      --      gen_context(system_u:object_r:ypserv_exec_t,s0)
  
  /var/yp(/.*)?                 gen_context(system_u:object_r:var_yp_t,s0)
 +/usr/sbin/rpc.ypxfr   --      gen_context(system_u:object_r:ypxfr_exec_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.if 
serefpolicy-2.2.23/policy/modules/services/nis.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.if 
serefpolicy-2.2.24/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if      2006-02-10 
21:34:14.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/nis.if  2006-03-10 
16:45:39.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/nis.if  2006-03-17 
14:30:03.000000000 -0500
 @@ -277,3 +277,28 @@
        files_search_etc($1)
        allow $1 ypserv_conf_t:file { getattr read };
@@ -878,9 +933,9 @@
 +      allow ypxfr_t $1:fifo_file rw_file_perms;
 +      allow ypxfr_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.te 
serefpolicy-2.2.23/policy/modules/services/nis.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nis.te 
serefpolicy-2.2.24/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te      2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/nis.te  2006-03-13 
13:32:08.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/nis.te  2006-03-17 
14:30:03.000000000 -0500
 @@ -31,6 +31,10 @@
  type ypserv_exec_t;
  init_daemon_domain(ypserv_t,ypserv_exec_t)
@@ -934,9 +989,9 @@
 +
 +allow ypxfr_t etc_t:file { getattr read };
 +files_read_etc_files(ypxfr_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nscd.if 
serefpolicy-2.2.23/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/nscd.if 
serefpolicy-2.2.24/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if     2006-02-10 
21:34:14.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/nscd.if 2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/nscd.if 2006-03-17 
14:30:03.000000000 -0500
 @@ -49,8 +49,8 @@
        dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
  
@@ -947,9 +1002,20 @@
        dontaudit $1 nscd_var_run_t:file { getattr read };
  ')
  
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/postfix.te 
serefpolicy-2.2.23/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te  2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/postfix.te      2006-03-08 
16:58:41.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/pegasus.te 
serefpolicy-2.2.24/policy/modules/services/pegasus.te
+--- nsaserefpolicy/policy/modules/services/pegasus.te  2006-03-04 
00:06:36.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/pegasus.te      2006-03-21 
10:39:08.000000000 -0500
+@@ -77,6 +77,7 @@
+ corenet_tcp_bind_pegasus_https_port(pegasus_t)
+ corenet_tcp_connect_pegasus_http_port(pegasus_t)
+ corenet_tcp_connect_pegasus_https_port(pegasus_t)
++corenet_tcp_connect_generic_port(pegasus_t)
+ 
+ dev_read_sysfs(pegasus_t)
+ dev_read_urand(pegasus_t)
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/postfix.te 
serefpolicy-2.2.24/policy/modules/services/postfix.te
+--- nsaserefpolicy/policy/modules/services/postfix.te  2006-03-17 
13:51:49.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/postfix.te      2006-03-17 
14:30:03.000000000 -0500
 @@ -406,6 +406,10 @@
        procmail_domtrans(postfix_pipe_t)
  ')
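Review bot: `corenet_tcp_connect_generic_port(pegasus_t)` is added to pegasus.te with no comment, and unlike the pegasus http/https rules directly above it, it is not tied to a named port type. Presumably it lets pegasus_t open outbound TCP connections to any port that carries the generic label, which is a much wider egress grant than the rules around it. I would add a why-comment above the line, e.g. `# <service> listens on an unlabeled port; narrow to its port type once one is defined`, so the rule can be tightened later. The surrounding network section of pegasus.te continues outside the hunk.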
@@ -961,9 +1027,9 @@
  ########################################
  #
  # Postfix postdrop local policy
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/samba.te 
serefpolicy-2.2.23/policy/modules/services/samba.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/samba.te 
serefpolicy-2.2.24/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te    2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/samba.te        2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/samba.te        2006-03-17 
14:30:03.000000000 -0500
 @@ -32,7 +32,7 @@
  type samba_secrets_t;
  files_type(samba_secrets_t)
@@ -973,9 +1039,9 @@
  files_config_file(samba_share_t)
  
  type samba_var_t;
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/sendmail.te 
serefpolicy-2.2.23/policy/modules/services/sendmail.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/sendmail.te 
serefpolicy-2.2.24/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te 2006-03-04 
00:06:36.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/services/sendmail.te     2006-03-14 
15:56:20.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/sendmail.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -125,6 +125,7 @@
  ')
  
@@ -984,9 +1050,36 @@
        postfix_read_config(sendmail_t)
        postfix_search_spool(sendmail_t)
  ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/fstools.if 
serefpolicy-2.2.23/policy/modules/system/fstools.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/xserver.if 
serefpolicy-2.2.24/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if  2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/services/xserver.if      2006-03-21 
08:19:11.000000000 -0500
+@@ -904,3 +904,23 @@
+ 
+       dontaudit $1 xdm_xserver_t:tcp_socket { read write };
+ ')
++
++########################################
++## <summary>
++##    Do not audit attempts to read and write to
++##    a XDM X server socket.
++## </summary>
++## <param name="domain">
++##    <summary>
++##    Domain to not audit
++##    </summary>
++## </param>
++#
++interface(`xserver_rw_xdm_sockets',`
++      gen_require(`
++              type xdm_xserver_tmp_t;
++      ')
++
++      allow $1 xdm_xserver_tmp_t:dir search;
++      allow $1 xdm_xserver_tmp_t:sock_file { read write };
++')
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/fstools.if 
serefpolicy-2.2.24/policy/modules/system/fstools.if
 --- nsaserefpolicy/policy/modules/system/fstools.if    2006-02-10 
21:34:15.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/fstools.if        2006-03-14 
11:33:20.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/fstools.if        2006-03-17 
14:30:03.000000000 -0500
 @@ -110,3 +110,21 @@
  
        allow $1 fsadm_exec_t:file create_file_perms;
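Review bot: The summary on the new `xserver_rw_xdm_sockets` interface says "Do not audit attempts to read and write", but the body contains two `allow` rules on `xdm_xserver_tmp_t` (dir search and sock_file read/write). The text looks copied from the dontaudit interface just above it, and a policy author who trusts the generated documentation would grant socket access while believing they were only silencing denials. The summary should read `## Read and write the XDM X server socket.` and the parameter text `## Domain allowed access.`.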
@@ -1009,9 +1102,9 @@
 +
 +      allow $1 swapfile_t:file getattr;
 +')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/fstools.te 
serefpolicy-2.2.23/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te    2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/fstools.te        2006-03-14 
11:32:08.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/fstools.te 
serefpolicy-2.2.24/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te    2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/fstools.te        2006-03-20 
23:51:17.000000000 -0500
 @@ -53,6 +53,7 @@
  kernel_change_ring_buffer_level(fsadm_t)
  # mkreiserfs needs this
@@ -1020,7 +1113,18 @@
  # Access to /initrd devices
  kernel_rw_unlabeled_dirs(fsadm_t)
  kernel_rw_unlabeled_blk_files(fsadm_t)
-@@ -73,6 +74,7 @@
+@@ -65,6 +66,10 @@
+ dev_read_urand(fsadm_t)
+ # Recreate /dev/cdrom.
+ dev_manage_generic_symlinks(fsadm_t)
++
++# fdisk needs this for early boot
++dev_manage_generic_blk_files(fsadm_t)
++
+ # Access to /initrd devices
+ dev_search_usbfs(fsadm_t)
+ # for swapon
+@@ -73,6 +78,7 @@
  dev_getattr_usbfs_dirs(fsadm_t)
  # Access to /dev/mapper/control
  dev_rw_lvm_control(fsadm_t)
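Review bot: `dev_manage_generic_blk_files(fsadm_t)` is granted unconditionally, although its comment scopes the need to fdisk during early boot. If the interface carries the usual manage semantics (create, write, delete), every tool running as fsadm_t keeps that access to generically labelled block nodes for the life of the system. I would expand the comment to name the operation fdisk actually needs and the reason the nodes are still generic, e.g. `# fdisk creates/opens block nodes before they are relabeled at early boot; revisit once those nodes get a specific type`, so the rule can be narrowed later. The fsadm_t device section continues outside the hunk.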
@@ -1028,7 +1132,7 @@
  
  fs_search_auto_mountpoints(fsadm_t)
  fs_getattr_xattr_fs(fsadm_t)
-@@ -127,6 +129,7 @@
+@@ -127,6 +133,7 @@
  
  init_use_fds(fsadm_t)
  init_use_script_ptys(fsadm_t)
@@ -1036,9 +1140,9 @@
  
  libs_use_ld_so(fsadm_t)
  libs_use_shared_libs(fsadm_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/init.te 
serefpolicy-2.2.23/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te       2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/init.te   2006-03-15 
09:44:32.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/init.te 
serefpolicy-2.2.24/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te       2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/init.te   2006-03-17 
14:30:03.000000000 -0500
 @@ -349,6 +349,7 @@
  files_mounton_isid_type_dirs(initrc_t)
  files_list_default(initrc_t)
@@ -1058,9 +1162,9 @@
  ',`
        # cjp: require doesnt work in optionals :\
        # this also would result in a type transition
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/libraries.fc 
serefpolicy-2.2.23/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/libraries.fc 
serefpolicy-2.2.24/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc  2006-02-20 
14:07:38.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/libraries.fc      2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/libraries.fc      2006-03-17 
14:30:03.000000000 -0500
 @@ -65,6 +65,7 @@
  /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libGLU\.so(\.[^/]*)*    --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -1077,9 +1181,9 @@
  
  ifdef(`distro_redhat',`
  /usr/lib(64)?/.*/program/.*\.so.*             
gen_context(system_u:object_r:shlib_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/locallogin.te 
serefpolicy-2.2.23/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/locallogin.te     2006-03-07 
13:42:37.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/locallogin.te 
serefpolicy-2.2.24/policy/modules/system/locallogin.te
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/locallogin.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -20,6 +20,7 @@
  
  type local_login_tmp_t;
@@ -1088,9 +1192,9 @@
  
  type sulogin_t;
  type sulogin_exec_t;
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/lvm.fc 
serefpolicy-2.2.23/policy/modules/system/lvm.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/lvm.fc 
serefpolicy-2.2.24/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc        2005-11-14 
18:24:06.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/lvm.fc    2006-03-07 
13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/lvm.fc    2006-03-17 
14:30:03.000000000 -0500
 @@ -25,6 +25,7 @@
  # /sbin
  #
@@ -1099,9 +1203,9 @@
  /sbin/dmsetup         --      gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/dmsetup\.static --      gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/e2fsadm         --      gen_context(system_u:object_r:lvm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/lvm.te 
serefpolicy-2.2.23/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te        2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/lvm.te    2006-03-08 
10:58:24.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/lvm.te 
serefpolicy-2.2.24/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te        2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/lvm.te    2006-03-17 
14:30:03.000000000 -0500
 @@ -129,6 +129,8 @@
  
  # DAC overrides and mknod for modifying /dev entries (vgmknodes)
@@ -1119,9 +1223,9 @@
  
  fs_getattr_xattr_fs(lvm_t)
  fs_search_auto_mountpoints(lvm_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/mount.te 
serefpolicy-2.2.23/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te      2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/mount.te  2006-03-14 
14:40:50.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/mount.te 
serefpolicy-2.2.24/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te      2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/mount.te  2006-03-17 
14:30:03.000000000 -0500
 @@ -26,6 +26,7 @@
  files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
  
@@ -1146,9 +1250,9 @@
  
  libs_use_ld_so(mount_t)
  libs_use_shared_libs(mount_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.fc 
serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.fc 
serefpolicy-2.2.24/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc        2006-02-23 
09:25:09.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.fc    2006-03-15 
16:33:44.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/selinuxutil.fc    2006-03-17 
14:30:03.000000000 -0500
 @@ -8,9 +8,9 @@
  /etc/selinux/([^/]*/)?contexts/files(/.*)? 
gen_context(system_u:object_r:file_context_t,s0)
  /etc/selinux/([^/]*/)?policy(/.*)?    
gen_context(system_u:object_r:policy_config_t,s15:c0.c255)
@@ -1162,9 +1266,9 @@
  /etc/selinux/([^/]*/)?users(/.*)?     --      
gen_context(system_u:object_r:selinux_config_t,s15:c0.c255)
  
  #
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.if 
serefpolicy-2.2.23/policy/modules/system/selinuxutil.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.if 
serefpolicy-2.2.24/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if        2006-02-23 
09:25:09.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.if    2006-03-14 
17:32:57.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/selinuxutil.if    2006-03-17 
14:30:03.000000000 -0500
 @@ -675,8 +675,8 @@
  
        files_search_etc($1)
@@ -1206,9 +1310,9 @@
 +      allow $1 selinux_config_t:lnk_file { getattr read };
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.te 
serefpolicy-2.2.23/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te        2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/selinuxutil.te    2006-03-15 
09:23:03.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.te 
serefpolicy-2.2.24/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te        2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/selinuxutil.te    2006-03-17 
14:30:03.000000000 -0500
 @@ -192,6 +192,9 @@
  selinux_load_policy(load_policy_t)
  selinux_set_boolean(load_policy_t)
@@ -1274,9 +1378,9 @@
  
  userdom_use_all_users_fds(setfiles_t)
  # for config files in a home directory
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/sysnetwork.te 
serefpolicy-2.2.23/policy/modules/system/sysnetwork.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/sysnetwork.te 
serefpolicy-2.2.24/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/sysnetwork.te     2006-03-09 
11:15:56.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/sysnetwork.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -161,6 +161,10 @@
        consoletype_domtrans(dhcpc_t)
  ')
@@ -1298,9 +1402,9 @@
  
  ifdef(`targeted_policy',`
        term_use_generic_ptys(ifconfig_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/udev.te 
serefpolicy-2.2.23/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te       2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/udev.te   2006-03-13 
12:21:29.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/udev.te 
serefpolicy-2.2.24/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te       2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/udev.te   2006-03-17 
14:30:03.000000000 -0500
 @@ -39,7 +39,7 @@
  # Local policy
  #
@@ -1310,9 +1414,9 @@
  dontaudit udev_t self:capability sys_tty_config;
  allow udev_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit 
execmem execstack execheap };
  allow udev_t self:process { execmem setfscreate };
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/unconfined.te 
serefpolicy-2.2.23/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2006-02-20 
14:07:38.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/unconfined.te     2006-03-08 
12:35:43.000000000 -0500
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/unconfined.te 
serefpolicy-2.2.24/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/unconfined.te     2006-03-17 
14:30:03.000000000 -0500
 @@ -89,10 +89,6 @@
                firstboot_domtrans(unconfined_t)
        ')
@@ -1335,10 +1439,10 @@
        optional_policy(`netutils',`
                netutils_domtrans_ping(unconfined_t)
        ')
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/userdomain.te 
serefpolicy-2.2.23/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2006-03-04 
00:06:37.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/userdomain.te     2006-03-14 
15:57:25.000000000 -0500
-@@ -179,6 +179,7 @@
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/userdomain.te 
serefpolicy-2.2.24/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-03-17 
13:51:50.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/userdomain.te     2006-03-17 
14:30:03.000000000 -0500
+@@ -180,6 +180,7 @@
                logging_read_audit_log(secadm_t)
                logging_domtrans_auditctl(secadm_t)
                userdom_dontaudit_append_staff_home_content_files(secadm_t)
@@ -1346,9 +1450,9 @@
        ', `
                logging_domtrans_auditctl(sysadm_t)
                logging_read_audit_log(sysadm_t)
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.fc 
serefpolicy-2.2.23/policy/modules/system/xend.fc
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.fc 
serefpolicy-2.2.24/policy/modules/system/xend.fc
 --- nsaserefpolicy/policy/modules/system/xend.fc       1969-12-31 
19:00:00.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/xend.fc   2006-03-10 
16:48:34.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/xend.fc   2006-03-17 
14:30:03.000000000 -0500
 @@ -0,0 +1,23 @@
 +# xend executable will have:
 +# label: system_u:object_r:xend_exec_t
@@ -1373,9 +1477,9 @@
 +/dev/xen/evtchn         -c      system_u:object_r:xend_device_t:s0
 +/usr/lib/xen/bin(/.*)?          system_u:object_r:bin_t:s0
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.if 
serefpolicy-2.2.23/policy/modules/system/xend.if
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.if 
serefpolicy-2.2.24/policy/modules/system/xend.if
 --- nsaserefpolicy/policy/modules/system/xend.if       1969-12-31 
19:00:00.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/xend.if   2006-03-07 
15:47:54.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/xend.if   2006-03-17 
14:30:03.000000000 -0500
 @@ -0,0 +1,71 @@
 +## <summary>policy for xen</summary>
 +
@@ -1448,9 +1552,9 @@
 +      allow $1 xenstored_t:unix_stream_socket connectto;
 +')
 +
-diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.te 
serefpolicy-2.2.23/policy/modules/system/xend.te
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/xend.te 
serefpolicy-2.2.24/policy/modules/system/xend.te
 --- nsaserefpolicy/policy/modules/system/xend.te       1969-12-31 
19:00:00.000000000 -0500
-+++ serefpolicy-2.2.23/policy/modules/system/xend.te   2006-03-13 
16:17:27.000000000 -0500
++++ serefpolicy-2.2.24/policy/modules/system/xend.te   2006-03-17 
14:30:03.000000000 -0500
 @@ -0,0 +1,219 @@
 +policy_module(xend,1.0.0)
 +
@@ -1671,9 +1775,9 @@
 +
 +xend_append_log(xenstored_t)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular 
serefpolicy-2.2.23/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular 
serefpolicy-2.2.24/Rules.modular
 --- nsaserefpolicy/Rules.modular       2006-02-17 14:46:10.000000000 -0500
-+++ serefpolicy-2.2.23/Rules.modular   2006-03-07 13:42:37.000000000 -0500
++++ serefpolicy-2.2.24/Rules.modular   2006-03-17 14:30:03.000000000 -0500
 @@ -204,7 +204,7 @@
  #
  $(APPDIR)/customizable_types: $(BASE_CONF)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- selinux-policy.spec 18 Mar 2006 04:09:10 -0000      1.155
+++ selinux-policy.spec 21 Mar 2006 15:42:38 -0000      1.156
@@ -10,7 +10,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.2.24
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -133,7 +133,7 @@
 . %{_sysconfdir}/selinux/config; \
 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.pre ]; then \
-       /usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore; \
+       fixfiles -C ${FILE_CONTEXT}.pre restore; \
        rm -f ${FILE_CONTEXT}.pre; \
 fi; 
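Review bot: The restore step now runs `fixfiles` by bare name, so this macro, which presumably executes as root from the package scriptlets, resolves the binary through whatever PATH the installing process inherited. If the absolute path was dropped because the tool moved between directories, it is safer to pin the search path inside the macro than to rely on the environment, e.g. by adding `PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH; \` before the `if`. The macro definition starts and ends outside the hunk.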
 

