From 59b8b016bcefeb3b5fa807a8b7e4cddca0d4edcd Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 17 2010 21:59:07 +0000 Subject: - Fix file context of /var/lib/avahi-autoipd --- diff --git a/policy-F13.patch b/policy-F13.patch index 07dc96c..979061f 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -144,6 +144,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat optional_policy(` apache_exec_modules(certwatch_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.if serefpolicy-3.7.9/policy/modules/admin/consoletype.if +--- nsaserefpolicy/policy/modules/admin/consoletype.if 2009-07-14 14:19:57.000000000 -0400 ++++ serefpolicy-3.7.9/policy/modules/admin/consoletype.if 2010-02-17 14:32:57.000000000 -0500 +@@ -19,6 +19,9 @@ + + corecmd_search_bin($1) + domtrans_pattern($1, consoletype_exec_t, consoletype_t) ++ ifdef(`hide_broken_symptoms', ` ++ dontaudit consoletype_t $1:socket_class_set { read write }; ++ ') + ') + + ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.9/policy/modules/admin/consoletype.te --- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-02-12 10:33:09.000000000 -0500 +++ serefpolicy-3.7.9/policy/modules/admin/consoletype.te 2010-02-17 10:00:50.000000000 -0500 
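Review bot: The added `dontaudit consoletype_t $1:socket_class_set { read write };` in the consoletype.if hunk silences AVC records for the whole `socket_class_set` of any caller of this interface, so once `hide_broken_symptoms` is defined a descriptor leak into consoletype_t no longer shows up in the audit log. The rule grants no access, but it removes the signal that identifies which caller is leaking. Prefer listing only the socket classes actually seen in denials, and record the reason above the block, e.g. `# callers leak open sockets across exec of consoletype; see <BUG-ID placeholder>`. Anyone triaging later can still surface these records with `semodule -DB`. The enclosing interface starts above the hunk; from the `domtrans_pattern` context line I am assuming it is the domain-transition interface.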
@@ -4557,8 +4570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.9/policy/modules/apps/pulseaudio.te --- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.9/policy/modules/apps/pulseaudio.te 2010-02-17 10:00:50.000000000 -0500 -@@ -11,6 +11,12 @@ ++++ serefpolicy-3.7.9/policy/modules/apps/pulseaudio.te 2010-02-17 15:27:13.000000000 -0500 +@@ -11,6 +11,15 @@ application_domain(pulseaudio_t, pulseaudio_exec_t) role system_r types pulseaudio_t; @@ -4568,10 +4581,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud +type pulseaudio_home_t; +userdom_user_home_content(pulseaudio_home_t) + ++type pulseaudio_tmpfs_t; ++files_tmpfs_file(pulseaudio_tmpfs_t) ++ ######################################## # # pulseaudio local policy -@@ -18,7 +24,7 @@ +@@ -18,7 +27,7 @@ allow pulseaudio_t self:process { getcap setcap setrlimit setsched getsched signal signull }; allow pulseaudio_t self:fifo_file rw_file_perms; @@ -4580,7 +4596,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms }; allow pulseaudio_t self:tcp_socket create_stream_socket_perms; allow pulseaudio_t self:udp_socket create_socket_perms; -@@ -26,6 +32,7 @@ +@@ -26,6 +35,7 @@ can_exec(pulseaudio_t, pulseaudio_exec_t) @@ -4588,7 +4604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud kernel_read_system_state(pulseaudio_t) kernel_read_kernel_sysctls(pulseaudio_t) -@@ -63,12 +70,23 @@ +@@ -63,12 +73,23 @@ miscfiles_read_localization(pulseaudio_t) optional_policy(` 
@@ -4613,7 +4629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud optional_policy(` consolekit_dbus_chat(pulseaudio_t) -@@ -88,6 +106,10 @@ +@@ -88,6 +109,10 @@ ') optional_policy(` @@ -4624,7 +4640,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud policykit_domtrans_auth(pulseaudio_t) policykit_read_lib(pulseaudio_t) policykit_read_reload(pulseaudio_t) -@@ -98,6 +120,8 @@ +@@ -98,6 +123,9 @@ ') optional_policy(` @@ -4632,6 +4648,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud xserver_manage_xdm_tmp_files(pulseaudio_t) xserver_read_xdm_lib_files(pulseaudio_t) + xserver_read_xdm_pid(pulseaudio_t) ++ xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.9/policy/modules/apps/qemu.fc --- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-07-14 14:19:57.000000000 -0400 
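Review bot: `xserver_user_x_domain_template(pulseaudio, pulseaudio_t, pulseaudio_tmpfs_t)`, added at the end of the last optional_policy block in pulseaudio.te, applies what its name suggests is the user X client template to a domain the same file also places in `system_r`, and nothing in the patch says which denial required it. That block already lets pulseaudio_t manage xdm tmp files and read xdm lib and pid files, so this daemon's X-facing permissions keep growing without a recorded reason. A one-line comment above the call would make the grant reviewable, e.g. `# XXX which AVC required full X client access? pulseaudio_tmpfs_t is presumably for X shm segments (confirm)`. If shared memory on tmpfs was the only need, check whether a narrower xserver interface covers it.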
@@ -14401,15 +14418,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog +') + + -diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.9/policy/modules/services/cobbler.fc ---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.9/policy/modules/services/cobbler.fc 2010-02-17 10:00:50.000000000 -0500 -@@ -5,3 +5,5 @@ - - /var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0) - /var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0) -+ -+/var/lib/cobbler/webui_sessions(/.*)? gen_context(system_u:object_r:httpd_cobbler_content_rw_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.9/policy/modules/services/cobbler.if --- nsaserefpolicy/policy/modules/services/cobbler.if 2010-02-12 10:33:09.000000000 -0500 +++ serefpolicy-3.7.9/policy/modules/services/cobbler.if 2010-02-17 10:00:50.000000000 -0500 @@ -14521,8 +14529,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.9/policy/modules/services/consolekit.te --- nsaserefpolicy/policy/modules/services/consolekit.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.9/policy/modules/services/consolekit.te 2010-02-17 10:00:50.000000000 -0500 -@@ -21,7 +21,7 @@ ++++ serefpolicy-3.7.9/policy/modules/services/consolekit.te 2010-02-17 15:27:13.000000000 -0500 +@@ -16,12 +16,15 @@ + type consolekit_var_run_t; + files_pid_file(consolekit_var_run_t) + ++type consolekit_tmpfs_t; ++files_tmpfs_file(consolekit_tmpfs_t) ++ + ######################################## + # # consolekit local policy # 
@@ -14531,7 +14547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons allow consolekit_t self:process { getsched signal }; allow consolekit_t self:fifo_file rw_fifo_file_perms; allow consolekit_t self:unix_stream_socket create_stream_socket_perms; -@@ -59,28 +59,36 @@ +@@ -59,28 +62,36 @@ term_use_all_terms(consolekit_t) auth_use_nsswitch(consolekit_t) @@ -14572,7 +14588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons ') optional_policy(` -@@ -100,6 +108,7 @@ +@@ -100,6 +111,7 @@ ') optional_policy(` @@ -14580,11 +14596,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons policykit_domtrans_auth(consolekit_t) policykit_read_lib(consolekit_t) policykit_read_reload(consolekit_t) -@@ -110,9 +119,17 @@ +@@ -110,9 +122,18 @@ xserver_read_user_xauth(consolekit_t) xserver_non_drawing_client(consolekit_t) corenet_tcp_connect_xserver_port(consolekit_t) + xserver_stream_connect(consolekit_t) ++ xserver_user_x_domain_template(consolekit, consolekit_t, consolekit_tmpfs_t) +') + +optional_policy(` @@ -32784,8 +32801,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.9/policy/modules/system/sysnetwork.if --- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.7.9/policy/modules/system/sysnetwork.if 2010-02-17 10:00:50.000000000 -0500 -@@ -43,6 +43,36 @@ ++++ serefpolicy-3.7.9/policy/modules/system/sysnetwork.if 2010-02-17 14:33:35.000000000 -0500 +@@ -43,6 +43,41 @@ sysnet_domtrans_dhcpc($1) role $2 types dhcpc_t; 
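Review bot: In the consolekit.te xserver block the new `xserver_user_x_domain_template(consolekit, consolekit_t, consolekit_tmpfs_t)` sits two lines under `xserver_non_drawing_client(consolekit_t)`, and the two read as contradictory: one treats consolekit_t as a client that does not draw, the other applies the user X client template to it. The visible context already gives consolekit_t `term_use_all_terms` and a TCP connect to the X server port, so each further X permission on this domain should carry a stated reason. Keep whichever interface matches the observed denials, or document why both are needed, e.g. `# non_drawing_client alone was not enough; template needed for <AVC placeholder>`. As far as the visible hunks show, the `consolekit_tmpfs_t` declaration in the earlier consolekit.te hunk exists only to be passed to this call.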
@@ -32795,15 +32812,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + modutils_run_insmod(dhcpc_t, $2) + + optional_policy(` -+ hostname_run(dhcpc_t, $2) ++ consoletype_run(dhcpc_t, $2) + ') + + optional_policy(` -+ netutils_run_ping(dhcpc_t, $2) ++ hostname_run(dhcpc_t, $2) + ') ++ + optional_policy(` + netutils_run(dhcpc_t, $2) ++ netutils_run_ping(dhcpc_t, $2) + ') ++ + optional_policy(` + networkmanager_run(dhcpc_t, $2) + ') @@ -32815,14 +32835,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + optional_policy(` + nscd_run(dhcpc_t, $2) + ') ++ + optional_policy(` + ntp_run(dhcpc_t, $2) + ') ++ + seutil_run_setfiles(dhcpc_t, $2) ') ######################################## -@@ -192,7 +222,25 @@ +@@ -192,7 +227,25 @@ type dhcpc_state_t; ') @@ -32849,7 +32871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ####################################### -@@ -230,7 +278,8 @@ +@@ -230,7 +283,8 @@ ') files_search_etc($1) @@ -32859,7 +32881,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ####################################### -@@ -323,7 +372,8 @@ +@@ -323,7 +377,8 @@ type net_conf_t; ') @@ -32869,7 +32891,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ####################################### -@@ -380,6 +430,10 @@ +@@ -380,6 +435,10 @@ corecmd_search_bin($1) domtrans_pattern($1, ifconfig_exec_t, ifconfig_t) @@ -32880,7 +32902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -464,6 +518,7 @@ +@@ -464,6 +523,7 @@ ') files_search_etc($1) @@ -32888,7 +32910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet read_files_pattern($1, dhcp_etc_t, dhcp_etc_t) ') -@@ -541,6 +596,7 @@ +@@ -541,6 +601,7 @@ type net_conf_t; ') 
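Review bot: `consoletype_run(dhcpc_t, $2)` is added to this run interface while the last sysnetwork.te hunk of the patch drops the earlier switch from `consoletype_domtrans(dhcpc_t)` to `consoletype_exec(dhcpc_t)`, so consoletype launched by the DHCP client runs in consoletype_t again rather than inside dhcpc_t. That is the tighter confinement, but it is also the path on which dhcpc_t's open sockets reach consoletype_t, and the consoletype.if hunk in this commit hides those denials under `hide_broken_symptoms` (assuming `consoletype_run` expands through that interface, which is not visible here). A comment next to the call would keep the three changes connected: `# consoletype is run from dhcpc_t via domain transition (not exec) so it stays confined to consoletype_t`. The interface body begins above the hunk.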
@@ -32896,7 +32918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet allow $1 self:tcp_socket create_socket_perms; allow $1 self:udp_socket create_socket_perms; -@@ -556,7 +612,15 @@ +@@ -556,7 +617,15 @@ corenet_sendrecv_dns_client_packets($1) files_search_etc($1) @@ -32913,7 +32935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -586,6 +650,8 @@ +@@ -586,6 +655,8 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; @@ -32922,7 +32944,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') ######################################## -@@ -620,3 +686,49 @@ +@@ -620,3 +691,49 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; ') @@ -32974,7 +32996,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.9/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.9/policy/modules/system/sysnetwork.te 2010-02-17 10:00:50.000000000 -0500 ++++ serefpolicy-3.7.9/policy/modules/system/sysnetwork.te 2010-02-17 14:31:05.000000000 -0500 @@ -20,6 +20,9 @@ init_daemon_domain(dhcpc_t, dhcpc_exec_t) role system_r types dhcpc_t; @@ -33052,15 +33074,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet fs_getattr_all_fs(dhcpc_t) fs_search_auto_mountpoints(dhcpc_t) -@@ -146,7 +158,7 @@ - ') - - optional_policy(` -- consoletype_domtrans(dhcpc_t) -+ consoletype_exec(dhcpc_t) - ') - - optional_policy(` @@ -183,25 +195,23 @@ ')