From 89ec74347ad251b15442c3df48c76a3353b70a3a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Dec 09 2008 19:33:46 +0000 Subject: - Add pki policy --- diff --git a/policy-20070703.patch b/policy-20070703.patch index 21eccd1..c624fe6 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -1,55 +1,3 @@ -diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.8/Rules.modular ---- nsaserefpolicy/Rules.modular 2008-06-12 23:37:58.000000000 -0400 -+++ serefpolicy-3.0.8/Rules.modular 2008-10-20 16:22:16.000000000 -0400 -@@ -96,6 +96,9 @@ - @test -d $(builddir) || mkdir -p $(builddir) - $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers - -+ifneq "$(UNK_PERMS)" "" -+$(base_mod): CHECKMODULE += -U $(UNK_PERMS) -+endif - $(base_mod): $(base_conf) - @echo "Compiling $(NAME) base module" - $(verbose) $(CHECKMODULE) $^ -o $@ -@@ -144,6 +147,7 @@ - - $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy - $(tmpdir)/rolemap.conf: $(rolemap) -+ $(verbose) echo "" > $@ - $(call parse-rolemap,base,$@) - - $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy -diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.0.8/Rules.monolithic ---- nsaserefpolicy/Rules.monolithic 2008-06-12 23:37:58.000000000 -0400 -+++ serefpolicy-3.0.8/Rules.monolithic 2008-10-20 16:22:16.000000000 -0400 -@@ -63,6 +63,9 @@ - # - # Build a binary policy locally - # -+ifneq "$(UNK_PERMS)" "" -+$(polver): CHECKPOLICY += -U $(UNK_PERMS) -+endif - $(polver): $(policy_conf) - @echo "Compiling $(NAME) $(polver)" - ifneq ($(pv),$(kv)) -@@ -76,6 +79,9 @@ - # - # Install a binary policy - # -+ifneq "$(UNK_PERMS)" "" -+$(loadpath): CHECKPOLICY += -U $(UNK_PERMS) -+endif - $(loadpath): $(policy_conf) - @mkdir -p $(policypath) - @echo "Compiling and installing $(NAME) $(loadpath)" -@@ -127,6 +133,7 @@ - @echo "divert" >> $@ - - $(tmpdir)/rolemap.conf: $(rolemap) -+ $(verbose) echo "" > $@ - $(call parse-rolemap,base,$@) - - $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.0.8/config/appconfig-mcs/default_contexts --- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-06-12 23:37:54.000000000 -0400 +++ serefpolicy-3.0.8/config/appconfig-mcs/default_contexts 2008-10-20 16:22:16.000000000 -0400 @@ -144,6 +92,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u +staff_r:staff_sudo_t:s0 staff_r:staff_t:s0 +sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0 +sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0 +diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context +--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-06-12 23:37:54.000000000 -0400 ++++ serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context 2008-10-20 16:22:16.000000000 -0400 +@@ -1 +1 @@ +-system_u:sysadm_r:sysadm_t:s0 ++system_u:system_r:unconfined_t:s0 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.0.8/config/appconfig-mcs/user_u_default_contexts --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.0.8/config/appconfig-mcs/user_u_default_contexts 2008-10-20 16:22:16.000000000 -0400 @@ -155,12 +109,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_ +system_r:xdm_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0 +user_r:user_su_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0 +user_r:user_sudo_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0 -diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context ---- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-06-12 23:37:54.000000000 -0400 -+++ serefpolicy-3.0.8/config/appconfig-mcs/userhelper_context 2008-10-20 16:22:16.000000000 -0400 -@@ -1 +1 @@ --system_u:sysadm_r:sysadm_t:s0 -+system_u:system_r:unconfined_t:s0 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.0.8/config/appconfig-mcs/xguest_u_default_contexts --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.0.8/config/appconfig-mcs/xguest_u_default_contexts 2008-10-20 16:22:16.000000000 -0400 @@ -2487,6 +2435,80 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te userdom_use_all_users_fds(rpm_script_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.0.8/policy/modules/admin/sudo.if +--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-06-12 23:37:55.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/admin/sudo.if 2008-10-20 16:22:16.000000000 -0400 +@@ -55,7 +55,7 @@ + # + + # Use capabilities. +- allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_resource }; ++ allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_nice sys_resource }; + allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; + allow $1_sudo_t self:process { setexec setrlimit }; + allow $1_sudo_t self:fd use; +@@ -68,7 +68,6 @@ + allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; + allow $1_sudo_t self:unix_dgram_socket sendto; + allow $1_sudo_t self:unix_stream_socket connectto; +- allow $1_sudo_t self:netlink_audit_socket { create bind write nlmsg_read read }; + allow $1_sudo_t self:netlink_route_socket r_netlink_socket_perms; + + # Enter this derived domain from the user domain +@@ -76,6 +75,7 @@ + + # By default, revert to the calling domain when a shell is executed. + corecmd_shell_domtrans($1_sudo_t,$2) ++ corecmd_bin_domtrans($1_sudo_t,$2) + allow $2 $1_sudo_t:fd use; + allow $2 $1_sudo_t:fifo_file rw_file_perms; + allow $2 $1_sudo_t:process sigchld; +@@ -89,9 +89,11 @@ + fs_search_auto_mountpoints($1_sudo_t) + fs_getattr_xattr_fs($1_sudo_t) + +- auth_domtrans_chk_passwd($1_sudo_t) ++ auth_run_chk_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) ++ auth_run_upd_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) + # sudo stores a token in the pam_pid directory + auth_manage_pam_pid($1_sudo_t) ++ auth_search_key($1_sudo_t) + + corecmd_read_bin_symlinks($1_sudo_t) + corecmd_getattr_all_executables($1_sudo_t) +@@ -106,18 +108,21 @@ + files_getattr_usr_files($1_sudo_t) + # for some PAM modules and for cwd + files_dontaudit_search_home($1_sudo_t) ++ files_list_tmp($1_sudo_t) + + init_rw_utmp($1_sudo_t) + + libs_use_ld_so($1_sudo_t) + libs_use_shared_libs($1_sudo_t) + ++ logging_send_audit_msgs($1_sudo_t) + logging_send_syslog_msg($1_sudo_t) + + miscfiles_read_localization($1_sudo_t) + + userdom_manage_user_home_content_files($1,$1_sudo_t) + userdom_manage_user_home_content_symlinks($1,$1_sudo_t) ++ + userdom_manage_user_tmp_files($1,$1_sudo_t) + userdom_manage_user_tmp_symlinks($1,$1_sudo_t) + userdom_use_user_terminals($1,$1_sudo_t) +@@ -126,6 +131,10 @@ + userdom_dontaudit_search_all_users_home_content($1_sudo_t) + + optional_policy(` ++ locallogin_search_keys($1_sudo_t) ++ ') ++ ++ optional_policy(` + nis_use_ypbind($1_sudo_t) + ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.0.8/policy/modules/admin/su.if --- nsaserefpolicy/policy/modules/admin/su.if 2008-06-12 23:37:55.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/su.if 2008-10-20 16:22:16.000000000 -0400 @@ -2585,80 +2607,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ifdef(`TODO',` allow $1_su_t $1_home_t:file manage_file_perms; -diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.0.8/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2008-06-12 23:37:55.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/admin/sudo.if 2008-10-20 16:22:16.000000000 -0400 -@@ -55,7 +55,7 @@ - # - - # Use capabilities. -- allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_resource }; -+ allow $1_sudo_t self:capability { fowner setuid setgid dac_override sys_nice sys_resource }; - allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; - allow $1_sudo_t self:process { setexec setrlimit }; - allow $1_sudo_t self:fd use; -@@ -68,7 +68,6 @@ - allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; - allow $1_sudo_t self:unix_dgram_socket sendto; - allow $1_sudo_t self:unix_stream_socket connectto; -- allow $1_sudo_t self:netlink_audit_socket { create bind write nlmsg_read read }; - allow $1_sudo_t self:netlink_route_socket r_netlink_socket_perms; - - # Enter this derived domain from the user domain -@@ -76,6 +75,7 @@ - - # By default, revert to the calling domain when a shell is executed. - corecmd_shell_domtrans($1_sudo_t,$2) -+ corecmd_bin_domtrans($1_sudo_t,$2) - allow $2 $1_sudo_t:fd use; - allow $2 $1_sudo_t:fifo_file rw_file_perms; - allow $2 $1_sudo_t:process sigchld; -@@ -89,9 +89,11 @@ - fs_search_auto_mountpoints($1_sudo_t) - fs_getattr_xattr_fs($1_sudo_t) - -- auth_domtrans_chk_passwd($1_sudo_t) -+ auth_run_chk_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) -+ auth_run_upd_passwd($1_sudo_t, $3, { $1_tty_device_t $1_devpts_t }) - # sudo stores a token in the pam_pid directory - auth_manage_pam_pid($1_sudo_t) -+ auth_search_key($1_sudo_t) - - corecmd_read_bin_symlinks($1_sudo_t) - corecmd_getattr_all_executables($1_sudo_t) -@@ -106,18 +108,21 @@ - files_getattr_usr_files($1_sudo_t) - # for some PAM modules and for cwd - files_dontaudit_search_home($1_sudo_t) -+ files_list_tmp($1_sudo_t) - - init_rw_utmp($1_sudo_t) - - libs_use_ld_so($1_sudo_t) - libs_use_shared_libs($1_sudo_t) - -+ logging_send_audit_msgs($1_sudo_t) - logging_send_syslog_msg($1_sudo_t) - - miscfiles_read_localization($1_sudo_t) - - userdom_manage_user_home_content_files($1,$1_sudo_t) - userdom_manage_user_home_content_symlinks($1,$1_sudo_t) -+ - userdom_manage_user_tmp_files($1,$1_sudo_t) - userdom_manage_user_tmp_symlinks($1,$1_sudo_t) - userdom_use_user_terminals($1,$1_sudo_t) -@@ -126,6 +131,10 @@ - userdom_dontaudit_search_all_users_home_content($1_sudo_t) - - optional_policy(` -+ locallogin_search_keys($1_sudo_t) -+ ') -+ -+ optional_policy(` - nis_use_ypbind($1_sudo_t) - ') - diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:37:55.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/tmpreaper.te 2008-10-20 16:22:16.000000000 -0400 @@ -14053,7 +14001,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-11-03 15:38:58.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-12-02 11:34:41.000000000 -0500 @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.7.1) @@ -14157,7 +14105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -98,26 +128,40 @@ +@@ -98,26 +128,39 @@ seutil_read_config(NetworkManager_t) @@ -14184,7 +14132,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw # Read gnome-keyring userdom_read_unpriv_users_home_content_files(NetworkManager_t) +userdom_unpriv_users_stream_connect(NetworkManager_t) -+ +userdom_dontaudit_search_sysadm_home_dirs(NetworkManager_t) + +cron_read_system_job_lib_files(NetworkManager_t) @@ -14205,7 +14152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -129,15 +173,19 @@ +@@ -129,15 +172,19 @@ ') optional_policy(` @@ -14234,7 +14181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -145,39 +193,86 @@ +@@ -145,39 +192,86 @@ ') optional_policy(` @@ -18752,6 +18699,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog -allow rlogind_t userpty_type:chr_file setattr; + kerberos_manage_host_rcache(rlogind_t) ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.0.8/policy/modules/services/rpcbind.te +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-06-12 23:37:57.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/rpcbind.te 2008-10-20 16:22:16.000000000 -0400 +@@ -21,11 +21,13 @@ + # rpcbind local policy + # + +-allow rpcbind_t self:capability setuid; ++allow rpcbind_t self:capability { dac_override setuid sys_tty_config }; + allow rpcbind_t self:fifo_file rw_file_perms; + allow rpcbind_t self:unix_stream_socket create_stream_socket_perms; + allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms; + allow rpcbind_t self:udp_socket create_socket_perms; ++# BROKEN ... ++dontaudit rpcbind_t self:udp_socket listen; + allow rpcbind_t self:tcp_socket create_stream_socket_perms; + + manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t) +@@ -37,6 +39,7 @@ + manage_sock_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t) + files_var_lib_filetrans(rpcbind_t,rpcbind_var_lib_t, { file dir sock_file }) + ++kernel_read_system_state(rpcbind_t) + kernel_read_network_state(rpcbind_t) + + corenet_all_recvfrom_unlabeled(rpcbind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.0.8/policy/modules/services/rpc.if --- nsaserefpolicy/policy/modules/services/rpc.if 2008-06-12 23:37:57.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/rpc.if 2008-10-20 16:22:16.000000000 -0400 @@ -18887,32 +18860,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. tunable_policy(`allow_gssd_read_tmp',` userdom_list_unpriv_users_tmp(gssd_t) userdom_read_unpriv_users_tmp_files(gssd_t) -diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.0.8/policy/modules/services/rpcbind.te ---- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-06-12 23:37:57.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/rpcbind.te 2008-10-20 16:22:16.000000000 -0400 -@@ -21,11 +21,13 @@ - # rpcbind local policy - # - --allow rpcbind_t self:capability setuid; -+allow rpcbind_t self:capability { dac_override setuid sys_tty_config }; - allow rpcbind_t self:fifo_file rw_file_perms; - allow rpcbind_t self:unix_stream_socket create_stream_socket_perms; - allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms; - allow rpcbind_t self:udp_socket create_socket_perms; -+# BROKEN ... -+dontaudit rpcbind_t self:udp_socket listen; - allow rpcbind_t self:tcp_socket create_stream_socket_perms; - - manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t) -@@ -37,6 +39,7 @@ - manage_sock_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t) - files_var_lib_filetrans(rpcbind_t,rpcbind_var_lib_t, { file dir sock_file }) - -+kernel_read_system_state(rpcbind_t) - kernel_read_network_state(rpcbind_t) - - corenet_all_recvfrom_unlabeled(rpcbind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.0.8/policy/modules/services/rshd.te --- nsaserefpolicy/policy/modules/services/rshd.te 2008-06-12 23:37:57.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/rshd.te 2008-10-20 16:22:16.000000000 -0400 @@ -29721,6 +29668,58 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.0 - gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats) -') +gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.8/Rules.modular +--- nsaserefpolicy/Rules.modular 2008-06-12 23:37:58.000000000 -0400 ++++ serefpolicy-3.0.8/Rules.modular 2008-10-20 16:22:16.000000000 -0400 +@@ -96,6 +96,9 @@ + @test -d $(builddir) || mkdir -p $(builddir) + $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers + ++ifneq "$(UNK_PERMS)" "" ++$(base_mod): CHECKMODULE += -U $(UNK_PERMS) ++endif + $(base_mod): $(base_conf) + @echo "Compiling $(NAME) base module" + $(verbose) $(CHECKMODULE) $^ -o $@ +@@ -144,6 +147,7 @@ + + $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy + $(tmpdir)/rolemap.conf: $(rolemap) ++ $(verbose) echo "" > $@ + $(call parse-rolemap,base,$@) + + $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy +diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.0.8/Rules.monolithic +--- nsaserefpolicy/Rules.monolithic 2008-06-12 23:37:58.000000000 -0400 ++++ serefpolicy-3.0.8/Rules.monolithic 2008-10-20 16:22:16.000000000 -0400 +@@ -63,6 +63,9 @@ + # + # Build a binary policy locally + # ++ifneq "$(UNK_PERMS)" "" ++$(polver): CHECKPOLICY += -U $(UNK_PERMS) ++endif + $(polver): $(policy_conf) + @echo "Compiling $(NAME) $(polver)" + ifneq ($(pv),$(kv)) +@@ -76,6 +79,9 @@ + # + # Install a binary policy + # ++ifneq "$(UNK_PERMS)" "" ++$(loadpath): CHECKPOLICY += -U $(UNK_PERMS) ++endif + $(loadpath): $(policy_conf) + @mkdir -p $(policypath) + @echo "Compiling and installing $(NAME) $(loadpath)" +@@ -127,6 +133,7 @@ + @echo "divert" >> $@ + + $(tmpdir)/rolemap.conf: $(rolemap) ++ $(verbose) echo "" > $@ + $(call parse-rolemap,base,$@) + + $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.0.8/support/Makefile.devel --- nsaserefpolicy/support/Makefile.devel 2008-06-12 23:37:58.000000000 -0400 +++ serefpolicy-3.0.8/support/Makefile.devel 2008-10-20 16:22:16.000000000 -0400