From 90e72ec234aed68b7d5d1e9af755a0600668713e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Oct 09 2007 21:09:45 +0000
Subject: - Allow rsync to backup all files on a system via a boolean


---

diff --git a/policy-20070501.patch b/policy-20070501.patch
index 84fd4b2..40fadf2 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -5510,7 +5510,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 --- nsaserefpolicy/policy/modules/services/exim.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-2.6.4/policy/modules/services/exim.fc	2007-10-05 09:28:27.000000000 -0400
 @@ -0,0 +1,16 @@
-+# $Id: policy-20070501.patch,v 1.64 2007/10/09 20:56:30 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.65 2007/10/09 21:09:45 dwalsh Exp $
 +# Draft SELinux refpolicy module for the Exim MTA
 +# 
 +# Devin Carraway <selinux/at/devin.com>
@@ -5691,7 +5691,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 --- nsaserefpolicy/policy/modules/services/exim.te	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-2.6.4/policy/modules/services/exim.te	2007-10-05 09:28:22.000000000 -0400
 @@ -0,0 +1,229 @@
-+# $Id: policy-20070501.patch,v 1.64 2007/10/09 20:56:30 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.65 2007/10/09 21:09:45 dwalsh Exp $
 +# Draft SELinux refpolicy module for the Exim MTA
 +# 
 +# Devin Carraway <selinux/at/devin.com>
@@ -13040,7 +13040,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.4/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.if	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.if	2007-10-09 17:07:01.000000000 -0400
 @@ -18,7 +18,7 @@
  	')
  
@@ -13084,7 +13084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  		nscd_unconfined($1)
  	')
  
-@@ -556,3 +559,39 @@
+@@ -556,3 +559,57 @@
  
  	allow $1 unconfined_t:dbus acquire_svc;
  ')
@@ -13124,6 +13124,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +
 +	allow $1 unconfined_tmp_t:file { getattr write append };
 +')
++
++########################################
++## <summary>
++##	Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_set_rlimitnh',`
++	gen_require(`
++		type unconfined_t;
++	')
++
++	allow $1 unconfined_t:process rlimitinh;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/unconfined.te	2007-10-01 16:12:39.000000000 -0400
@@ -13229,7 +13247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/userdomain.if	2007-10-09 17:05:07.000000000 -0400
 @@ -114,6 +114,22 @@
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
@@ -13675,7 +13693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
  ')
  
  ########################################
-@@ -5721,3 +5717,112 @@
+@@ -5721,3 +5717,129 @@
  	allow $1 user_home_dir_t:dir manage_dir_perms;
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
@@ -13788,6 +13806,23 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +	allow $1 userdomain:process ptrace;
 +')
 +
++########################################
++## <summary>
++##	Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_set_rlimitnh',`
++	gen_require(`
++		attribute userdomain;
++	')
++	allow $1 userdomain:process rlimitinh;
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.4/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/userdomain.te	2007-08-07 09:42:35.000000000 -0400