From 639e8044281391a675b5dd81cfa804eef55f785f Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Oct 22 2012 17:52:25 +0000
Subject: - Add labeling for mcollectived - Allow openshift domains to read localization
---
diff --git a/policy-F16.patch b/policy-F16.patch
index dcffc5e..084d39f 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -49982,10 +49982,10 @@ index 0000000..a437f80
+files_read_config_files(openshift_domain)
diff --git a/policy/modules/services/openshift.fc b/policy/modules/services/openshift.fc
new file mode 100644
-index 0000000..8283601
+index 0000000..fbadaba
--- /dev/null
+++ b/policy/modules/services/openshift.fc
-@@ -0,0 +1,23 @@
+@@ -0,0 +1,24 @@
+/etc/rc\.d/init\.d/libra gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/mcollective gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+
@@ -50001,11 +50001,12 @@ index 0000000..8283601
+
+/var/log/mcollective\.log -- gen_context(system_u:object_r:openshift_log_t,s0)
+
-+/usr/bin/rhc-cgroup-read -- gen_context(system_u:object_r:openshift_cgroup_read_exec_t,s0)
++/usr/bin/(oo|rhc)-cgroup-read -- gen_context(system_u:object_r:openshift_cgroup_read_exec_t,s0)
+
-+/usr/bin/rhc-restorer -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
-+/usr/bin/rhc-restorer-wrapper.sh -- gen_context(unconfined_u:object_r:httpd_openshift_script_exec_t,s0)
++/usr/bin/(oo|rhc)-restorer -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
++/usr/bin/(oo|rhc)-restorer-wrapper.sh -- gen_context(unconfined_u:object_r:httpd_openshift_script_exec_t,s0)
+/usr/bin/oo-admin-ctl-gears -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
++/usr/sbin/mcollectived -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+
+/var/run/stickshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0)
+/var/run/openshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0)
@@ -50573,10 +50574,10 @@ index 0000000..681f8a0
+')
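Review bot: The new `/usr/sbin/mcollectived` entry labels the daemon binary `openshift_initrc_exec_t`, the same entry type the init scripts use, so the mcollective agent will run in the init-script domain rather than in a domain of its own; since that agent executes broker-dispatched commands on the node, a dedicated exec type and domain for it, or at least a comment such as `# mcollectived deliberately runs in openshift_initrc_t` next to the entry, would make the intended trust boundary explicit. The rules of `openshift_initrc_t` are not visible on this page, so how much that domain is allowed cannot be judged from the hunk alone. The widened `(oo|rhc)-restorer-wrapper.sh` entry also keeps `unconfined_u` as the SELinux user in a file context where every other entry uses `system_u`, and `oo-restorer-wrapper.sh` now inherits that too; worth confirming it is deliberate rather than copied from the old `rhc-` line.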
diff --git a/policy/modules/services/openshift.te b/policy/modules/services/openshift.te
new file mode 100644
-index 0000000..0f91146
+index 0000000..fa79ac6
--- /dev/null
+++ b/policy/modules/services/openshift.te
-@@ -0,0 +1,349 @@
+@@ -0,0 +1,355 @@
+policy_module(openshift,1.0.0)
+
+gen_require(`
@@ -50741,6 +50742,7 @@ index 0000000..0f91146
+corecmd_exec_all_executables(openshift_domain)
+
+dev_read_sysfs(openshift_domain)
++dev_read_urand(openshift_domain)
+dev_read_rand(openshift_domain)
+dev_dontaudit_append_rand(openshift_domain)
+dev_dontaudit_write_urand(openshift_domain)
@@ -50795,6 +50797,7 @@ index 0000000..0f91146
+
+init_dontaudit_read_utmp(openshift_domain)
+
++miscfiles_read_localization(openshift_domain)
+miscfiles_read_fonts(openshift_domain)
+miscfiles_dontaudit_setattr_fonts_cache_dirs(openshift_domain)
+
@@ -50871,6 +50874,10 @@ index 0000000..0f91146
+
+allow openshift_user_domain openshift_domain:process ptrace;
+
++optional_policy(`
++ ssh_rw_tcp_sockets(openshift_user_domain)
++')
++
+############################################################################
+#
+# Rules specific to openshift and openshift_app_t
@@ -61464,7 +61471,7 @@ index 606a098..2a3ea76 100644
libs_exec_lib_files(fsdaemon_t)
diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te
-index 740994a..a92ba26 100644
+index 740994a..23b852d 100644
--- a/policy/modules/services/smokeping.te
+++ b/policy/modules/services/smokeping.te
@@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t)
allow smokeping_t self:fifo_file rw_fifo_file_perms;
allow smokeping_t self:udp_socket create_socket_perms;
allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
+@@ -74,4 +74,6 @@ optional_policy(`
+ files_search_var_lib(httpd_smokeping_cgi_script_t)
+
+ sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t)
++
++ netutils_domtrans_ping(httpd_smokeping_cgi_script_t)
+ ')
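Review bot: The new `ssh_rw_tcp_sockets(openshift_user_domain)` block in the `@@ -50871` hunk gives every openshift user domain read/write on sshd's TCP sockets without saying why; presumably it is the inherited session socket of a gear's ssh login, so a one-line `# gear login shells inherit the connection socket from sshd` above the `optional_policy` block would record that and stop a later reader widening it to connect or bind. The grant sits directly under the unconditional `allow openshift_user_domain openshift_domain:process ptrace;`, which this commit does not touch; if `openshift_initrc_t` carries the `openshift_domain` attribute (its definition is not visible here), that rule lets a gear's user domain ptrace the very domain this commit assigns to mcollectived, and it would be worth confirming the attribute membership or narrowing the rule to the app domains. The enclosing rule set for `openshift_user_domain` starts and continues outside the hunk.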
diff --git a/policy/modules/services/snmp.fc b/policy/modules/services/snmp.fc
index 623c8fa..0a802f7 100644
--- a/policy/modules/services/snmp.fc
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5fac803..d965116 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 92%{?dist}
+Release: 93%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Oct 22 2012 Miroslav Grepl 3.10.0-93
+- Add labeling for mcollectived
+- Allow openshift domains to read localization
+
* Fri Oct 12 2012 Miroslav Grepl 3.10.0-92
- Fix httpd_stickshift boolean
- Backport openshift policy
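Review bot: The added `netutils_domtrans_ping(httpd_smokeping_cgi_script_t)` in the smokeping hunk (whose outer `@@` header is not visible on this page) is called directly inside the enclosing apache `optional_policy` block, but netutils is its own optional module, so it should be wrapped in a nested block of its own — `` optional_policy(` ``, `netutils_domtrans_ping(httpd_smokeping_cgi_script_t)`, `` ') `` — rather than making the smokeping module hard-require netutils at link time. It also lets a web-reachable CGI domain transition into `ping_t`, which is typically granted raw-socket capability; the spec changelog in the same commit lists only the mcollectived labeling and localization changes, so a `- Allow smokeping cgi scripts to domtrans to ping` entry and a short `# smokeping CGI invokes ping for its probes` comment above the call would document the new exposure. The enclosing `optional_policy` block begins before the hunk's first visible line.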