From 7504555173f55cda7ad9e1a76c68d489041d5f66 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Aug 12 2014 12:37:25 +0000 Subject: * Tue Aug 12 2014 Lukas Vrabec 3.12.1-74.29 - Allow sensord to send a signal. - Allow smokeping cgi script to send syslog messages (#1122163) - docker needs setfcap --- diff --git a/policy-f19-contrib.patch b/policy-f19-contrib.patch index 95f8e9b..ef49e9c 100644 --- a/policy-f19-contrib.patch +++ b/policy-f19-contrib.patch @@ -22548,7 +22548,7 @@ index 0000000..683dfdc +') diff --git a/docker.te b/docker.te new file mode 100644 -index 0000000..73e71c1 +index 0000000..42e76e3 --- /dev/null +++ b/docker.te @@ -0,0 +1,274 @@ @@ -22611,7 +22611,7 @@ index 0000000..73e71c1 +# +# docker local policy +# -+allow docker_t self:capability { chown fowner fsetid mknod net_admin net_bind_service }; ++allow docker_t self:capability { chown fowner fsetid mknod net_admin net_bind_service setfcap }; +allow docker_t self:process { getattr signal_perms }; +allow docker_t self:fifo_file rw_fifo_file_perms; +allow docker_t self:unix_stream_socket create_stream_socket_perms; @@ -68630,18 +68630,20 @@ index 3698b51..e306360 100644 -miscfiles_read_localization(rabbitmq_epmd_t) diff --git a/radius.fc b/radius.fc -index c84b7ae..29c453e 100644 +index c84b7ae..4125f6d 100644 --- a/radius.fc +++ b/radius.fc -@@ -9,6 +9,8 @@ +@@ -9,7 +9,9 @@ /usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0) /usr/sbin/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) +-/var/lib/radiousd(/.*)? gen_context(system_u:object_r:radiusd_var_lib_t,s0) +/usr/lib/systemd/system/radiusd.* -- gen_context(system_u:object_r:radiusd_unit_file_t,s0) + - /var/lib/radiousd(/.*)? gen_context(system_u:object_r:radiusd_var_lib_t,s0) ++/var/lib/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_lib_t,s0) /var/log/freeradius(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) + /var/log/radacct(/.*)? gen_context(system_u:object_r:radiusd_log_t,s0) 
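Review bot: The `setfcap` added to `allow docker_t self:capability { ... }` in the docker.te hunk has no comment or bug reference saying which docker operation was denied, and the same holds for `allow sensord_t self:process signal;` in the sensord.te hunk further down. CAP_SETFCAP lets the domain write file-capability xattrs, so the reason for granting it should be recorded next to the rule. Presumably it is needed to restore file capabilities while unpacking image layers, but the AVC should confirm that. I would add a line above the rule such as `# setfcap: docker sets file capabilities when extracting image layers (AVC in bug <BUG-ID>)`, and a similar one-line comment above the sensord rule. The smokeping change already cites its bug number in the changelog.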
diff --git a/radius.if b/radius.if index 4460582..60cf556 100644 --- a/radius.if @@ -81601,10 +81603,10 @@ index d204752..31cc6e6 100644 + ') ') diff --git a/sensord.te b/sensord.te -index 5e82fd6..f3e5808 100644 +index 5e82fd6..64e130f 100644 --- a/sensord.te +++ b/sensord.te -@@ -9,12 +9,18 @@ type sensord_t; +@@ -9,27 +9,35 @@ type sensord_t; type sensord_exec_t; init_daemon_domain(sensord_t, sensord_exec_t) @@ -81623,7 +81625,10 @@ index 5e82fd6..f3e5808 100644 ######################################## # # Local policy -@@ -23,13 +29,13 @@ files_pid_file(sensord_var_run_t) + # + ++allow sensord_t self:process signal; ++ allow sensord_t self:fifo_file rw_fifo_file_perms; allow sensord_t self:unix_stream_socket create_stream_socket_perms; @@ -82884,7 +82889,7 @@ index 1fa51c1..82e111c 100644 smokeping_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/smokeping.te b/smokeping.te -index a8b1aaf..fc0a2be 100644 +index a8b1aaf..4689a59 100644 --- a/smokeping.te +++ b/smokeping.te @@ -24,6 +24,7 @@ files_type(smokeping_var_lib_t) @@ -82912,12 +82917,14 @@ index a8b1aaf..fc0a2be 100644 mta_send_mail(smokeping_t) netutils_domtrans_ping(smokeping_t) -@@ -70,6 +68,8 @@ optional_policy(` +@@ -70,6 +68,10 @@ optional_policy(` files_search_tmp(httpd_smokeping_cgi_script_t) files_search_var_lib(httpd_smokeping_cgi_script_t) + auth_read_passwd(httpd_smokeping_cgi_script_t) + ++ logging_send_syslog_msg(httpd_smokeping_cgi_script_t) ++ sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t) netutils_domtrans_ping(httpd_smokeping_cgi_script_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index bf2b84e..12ab5e5 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 74.28%{?dist} +Release: 74.29%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
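Review bot: Correcting `/var/lib/radiousd(/.*)?` to `/var/lib/radiusd(/.*)?` in the radius.fc hunk only changes the labeling rule; files already on disk keep their current label until they are relabeled. Where the directory already exists, it presumably carries the default var_lib_t label, because the misspelled entry never matched it. It is worth confirming that the package update relabels that path (for example `restorecon -R /var/lib/radiusd`). It is also worth confirming that radiusd_t's existing rules for radiusd_var_lib_t cover what the daemon was doing there before. Neither is visible in this hunk.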
@@ -542,6 +542,11 @@ SELinux Reference policy mls base module. %endif %changelog +* Tue Aug 12 2014 Lukas Vrabec 3.12.1-74.29 +- Allow sensord to send a signal. +- Allow smokeping cgi script to send syslog messages (#1122163) +- docker needs setfcap + * Thu Jun 19 2014 Lukas Vrabec 3.12.1-74.28 - Added docker policy - Allow chrome_sandbox to execute config_home_t