From 44c8055e61f1f7787d02b2a5566e28e20f361ab0 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Feb 01 2011 18:36:30 +0000 Subject: - Add label for /var/www/cgi-bin/apcgui --- diff --git a/policy-F13.patch b/policy-F13.patch index a0645fe..551d0df 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -16666,7 +16666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.19/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 18:44:37.000000000 +0000 -+++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-18 16:21:06.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-31 13:57:28.691455001 +0000 @@ -19,11 +19,13 @@ # Declarations # @@ -17147,14 +17147,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac corenet_sendrecv_mssql_client_packets(httpd_suexec_t) + + -+ corenet_tcp_connect_oracle_port(httpd_t) -+ corenet_sendrecv_oracle_client_packets(httpd_t) -+ corenet_tcp_connect_oracle_port(httpd_php_t) -+ corenet_tcp_connect_oracle_port(httpd_suexec_t) -+ corenet_sendrecv_oracle_client_packets(httpd_suexec_t) -+ corenet_sendrecv_oracle_client_packets(httpd_php_t) -+ corenet_tcp_connect_oracle_port(httpd_sys_script_t) -+ corenet_sendrecv_oracle_client_packets(httpd_sys_script_t) ++ corenet_tcp_connect_oracledb_port(httpd_t) ++ corenet_sendrecv_oracledb_client_packets(httpd_t) ++ corenet_tcp_connect_oracledb_port(httpd_php_t) ++ corenet_tcp_connect_oracledb_port(httpd_suexec_t) ++ corenet_sendrecv_oracledb_client_packets(httpd_suexec_t) ++ corenet_sendrecv_oracledb_client_packets(httpd_php_t) ++ corenet_tcp_connect_oracledb_port(httpd_sys_script_t) ++ corenet_sendrecv_oracledb_client_packets(httpd_sys_script_t) + ') 
@@ -17324,6 +17324,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +typealias httpd_sys_script_t alias httpd_fastcgi_script_t; +typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; + +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.7.19/policy/modules/services/apcupsd.fc +--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apcupsd.fc 2011-01-31 14:53:40.013455001 +0000 +@@ -13,3 +13,4 @@ + /var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) + /var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) + /var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) ++/var/www/cgi-bin/apcgui(/.*)? gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.19/policy/modules/services/apcupsd.te --- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-04-13 18:44:37.000000000 +0000 +++ serefpolicy-3.7.19/policy/modules/services/apcupsd.te 2010-05-28 07:42:00.000000000 +0000 @@ -22948,8 +22956,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.te serefpolicy-3.7.19/policy/modules/services/dirsrv.te --- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 00:00:00.000000000 +0000 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-14 15:32:12.000000000 +0000 -@@ -0,0 +1,180 @@ ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-31 10:53:20.942455001 +0000 +@@ -0,0 +1,182 @@ +policy_module(dirsrv,1.0.0) + +######################################## 
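Review bot: The new apcupsd.fc entry `/var/www/cgi-bin/apcgui(/.*)?` carries no file-type specifier, unlike the three `--` entries above it, so the directory itself and every object created under it are labelled `httpd_apcupsd_cgi_script_exec_t`. If apcgui keeps configuration, data or writable files next to its executables (not visible in this hunk), those would presumably also become executable content for the apcupsd CGI domain. Consider restricting the exec label to regular files, for example `/var/www/cgi-bin/apcgui/.* -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)`. Alternatively, add a comment in apcupsd.fc stating that the whole tree is intentionally CGI executables only. The rest of apcupsd.fc lies outside the hunk.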
@@ -23060,6 +23068,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs + +fs_getattr_all_fs(dirsrv_t) + ++logging_send_syslog_msg(dirsrv_t) ++ +miscfiles_read_localization(dirsrv_t) + +sysnet_dns_name_resolve(dirsrv_t) @@ -32942,7 +32952,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. admin_pattern($1, pptp_log_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.19/policy/modules/services/ppp.te --- nsaserefpolicy/policy/modules/services/ppp.te 2010-04-13 18:44:37.000000000 +0000 -+++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2011-01-25 17:42:38.934455001 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2011-01-31 13:11:45.648455000 +0000 @@ -71,9 +71,9 @@ # PPPD Local policy # @@ -32959,8 +32969,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. init_signal_script(pppd_t) auth_use_nsswitch(pppd_t) -+auth_domtrans_chk_passwd(pppd_t -+auth_write_login_record(pppd_t) ++auth_domtrans_chk_passwd(pppd_t) ++auth_write_login_records(pppd_t) + logging_send_syslog_msg(pppd_t) @@ -35189,7 +35199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.19/policy/modules/services/ricci.te --- nsaserefpolicy/policy/modules/services/ricci.te 2010-04-13 18:44:37.000000000 +0000 -+++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2010-08-09 12:14:31.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2011-02-01 17:45:28.749796001 +0000 @@ -11,6 +11,9 @@ domain_type(ricci_t) init_daemon_domain(ricci_t, ricci_exec_t) 
@@ -35288,7 +35298,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc # log files allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr; -@@ -294,6 +323,8 @@ +@@ -284,6 +313,7 @@ + corenet_tcp_sendrecv_generic_if(ricci_modclusterd_t) + corenet_tcp_sendrecv_all_ports(ricci_modclusterd_t) + corenet_tcp_bind_generic_node(ricci_modclusterd_t) ++corenet_tcp_bind_all_rpc_ports(ricci_modclusterd_t) + corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t) + corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t) + +@@ -294,6 +324,8 @@ fs_getattr_xattr_fs(ricci_modclusterd_t) @@ -35297,7 +35315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc init_stream_connect_script(ricci_modclusterd_t) locallogin_dontaudit_use_fds(ricci_modclusterd_t) -@@ -303,7 +334,11 @@ +@@ -303,7 +335,11 @@ miscfiles_read_localization(ricci_modclusterd_t) sysnet_domtrans_ifconfig(ricci_modclusterd_t) @@ -35310,7 +35328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc optional_policy(` ccs_domtrans(ricci_modclusterd_t) -@@ -312,6 +347,10 @@ +@@ -312,6 +348,10 @@ ') optional_policy(` @@ -35321,7 +35339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc unconfined_use_fds(ricci_modclusterd_t) ') -@@ -440,6 +479,12 @@ +@@ -440,6 +480,12 @@ files_read_usr_files(ricci_modstorage_t) files_read_kernel_modules(ricci_modstorage_t) @@ -35334,7 +35352,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc storage_raw_read_fixed_disk(ricci_modstorage_t) term_dontaudit_use_console(ricci_modstorage_t) -@@ -457,6 +502,11 @@ +@@ -457,6 +503,11 @@ mount_domtrans(ricci_modstorage_t) optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 40c6d80..66e51d9 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
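Review bot: `corenet_tcp_bind_all_rpc_ports(ricci_modclusterd_t)` in the ricci.te hunk lets ricci_modclusterd_t bind every port labelled as an RPC port, where before it could bind only its own ricci_modcluster port. Neither the commit subject nor the 3.7.19-88 %changelog entry mentions this. A permission broadening like this should be traceable, so add a changelog line such as `- Allow ricci_modclusterd to bind to rpc ports`, and a why-comment above the rule such as `# <denial or bug reference that required this>`. The `logging_send_syslog_msg(dirsrv_t)` addition and the pppd_t interface fixes in the earlier hunks are likewise missing from the changelog. The surrounding ricci_modclusterd_t rules continue outside the hunk, so whether a narrower bind interface would be enough cannot be judged from here.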
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 87%{?dist} +Release: 88%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -471,6 +471,9 @@ exit 0 %endif %changelog +* Tue Feb 1 2011 Miroslav Grepl 3.7.19-88 +- Add label for /var/www/cgi-bin/apcgui + * Thu Jan 27 2011 Miroslav Grepl 3.7.19-87 - Add execmem_exec_t label for gimp - Allow nagios plugin to read /proc/meminfo