From a0a4dcd2fefb369a2abeea474fd521d78f5cdce5 Mon Sep 17 00:00:00 2001 From: Miroslav Date: Feb 21 2012 11:39:38 +0000 Subject: Fix typos --- diff --git a/policy-F16.patch b/policy-F16.patch index dd8e351..3c6e4aa 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -44810,7 +44810,7 @@ index 256166a..2320c87 100644 +/var/spool/mqueue\.in(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0) /var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if -index 343cee3..76a7780 100644 +index 343cee3..4099451 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -37,9 +37,9 @@ interface(`mta_stub',` @@ -44824,7 +44824,7 @@ index 343cee3..76a7780 100644 gen_require(` attribute user_mail_domain; type sendmail_exec_t; -@@ -56,92 +56,11 @@ template(`mta_base_mail_template',` +@@ -56,92 +56,15 @@ template(`mta_base_mail_template',` type $1_mail_tmp_t; files_tmp_file($1_mail_tmp_t) @@ -44864,7 +44864,7 @@ index 343cee3..76a7780 100644 + files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir }) auth_use_nsswitch($1_mail_t) -- + - init_dontaudit_rw_utmp($1_mail_t) - - logging_send_syslog_msg($1_mail_t) @@ -44877,9 +44877,9 @@ index 343cee3..76a7780 100644 - exim_manage_spool_files($1_mail_t) - ') - -- optional_policy(` -- postfix_domtrans_user_mail_handler($1_mail_t) -- ') + optional_policy(` + postfix_domtrans_user_mail_handler($1_mail_t) + ') - - optional_policy(` - procmail_exec($1_mail_t) @@ -44920,7 +44920,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -158,6 +77,7 @@ template(`mta_base_mail_template',` +@@ -158,6 +81,7 @@ template(`mta_base_mail_template',` ## User domain for the role ## ## 
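Review bot: The hunks at `@@ -44864,7 +44864,7 @@` and `@@ -44877,9 +44877,9 @@` change which domains may transition to the postfix user mail handler, which the subject "Fix typos" does not convey. The patch stops deleting the `optional_policy` block that calls `postfix_domtrans_user_mail_handler($1_mail_t)` in `mta_base_mail_template`, and the mta.te hunk at `@@ -45687,7 +45687,6 @@` drops `postfix_domtrans_user_mail_handler(user_mail_domain)`. A domain that carries `user_mail_domain` without being created through the template would lose the transition; whether any such domain exists is not visible in these hunks. I would state the intent next to the kept call, e.g. `# transition granted per template instance, not to all of user_mail_domain`, and mention it in the commit message. The template body starts and ends outside these hunks.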
@@ -44928,7 +44928,7 @@ index 343cee3..76a7780 100644 # interface(`mta_role',` gen_require(` -@@ -169,11 +89,19 @@ interface(`mta_role',` +@@ -169,11 +93,19 @@ interface(`mta_role',` # Transition from the user domain to the derived domain. domtrans_pattern($2, sendmail_exec_t, user_mail_t) @@ -44949,7 +44949,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -220,6 +148,25 @@ interface(`mta_agent_executable',` +@@ -220,6 +152,25 @@ interface(`mta_agent_executable',` application_executable_file($1) ') @@ -44975,7 +44975,7 @@ index 343cee3..76a7780 100644 ######################################## ## ## Make the specified type by a system MTA. -@@ -306,7 +253,6 @@ interface(`mta_mailserver_sender',` +@@ -306,7 +257,6 @@ interface(`mta_mailserver_sender',` interface(`mta_mailserver_delivery',` gen_require(` attribute mailserver_delivery; @@ -44983,7 +44983,7 @@ index 343cee3..76a7780 100644 ') typeattribute $1 mailserver_delivery; -@@ -330,12 +276,6 @@ interface(`mta_mailserver_user_agent',` +@@ -330,12 +280,6 @@ interface(`mta_mailserver_user_agent',` ') typeattribute $1 mta_user_agent; @@ -44996,7 +44996,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -350,9 +290,8 @@ interface(`mta_mailserver_user_agent',` +@@ -350,9 +294,8 @@ interface(`mta_mailserver_user_agent',` # interface(`mta_send_mail',` gen_require(` @@ -45007,7 +45007,7 @@ index 343cee3..76a7780 100644 ') allow $1 mta_exec_type:lnk_file read_lnk_file_perms; -@@ -391,12 +330,17 @@ interface(`mta_send_mail',` +@@ -391,12 +334,17 @@ interface(`mta_send_mail',` # interface(`mta_sendmail_domtrans',` gen_require(` @@ -45027,7 +45027,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -409,7 +353,6 @@ interface(`mta_sendmail_domtrans',` +@@ -409,7 +357,6 @@ interface(`mta_sendmail_domtrans',` ## ## # 
@@ -45035,7 +45035,7 @@ index 343cee3..76a7780 100644 interface(`mta_signal_system_mail',` gen_require(` type system_mail_t; -@@ -420,6 +363,24 @@ interface(`mta_signal_system_mail',` +@@ -420,6 +367,24 @@ interface(`mta_signal_system_mail',` ######################################## ## @@ -45060,7 +45060,7 @@ index 343cee3..76a7780 100644 ## Execute sendmail in the caller domain. ## ## -@@ -438,6 +399,26 @@ interface(`mta_sendmail_exec',` +@@ -438,6 +403,26 @@ interface(`mta_sendmail_exec',` ######################################## ## @@ -45087,7 +45087,7 @@ index 343cee3..76a7780 100644 ## Read mail server configuration. ## ## -@@ -474,7 +455,8 @@ interface(`mta_write_config',` +@@ -474,7 +459,8 @@ interface(`mta_write_config',` type etc_mail_t; ') @@ -45097,7 +45097,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -494,6 +476,7 @@ interface(`mta_read_aliases',` +@@ -494,6 +480,7 @@ interface(`mta_read_aliases',` files_search_etc($1) allow $1 etc_aliases_t:file read_file_perms; @@ -45105,7 +45105,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -532,7 +515,7 @@ interface(`mta_etc_filetrans_aliases',` +@@ -532,7 +519,7 @@ interface(`mta_etc_filetrans_aliases',` type etc_aliases_t; ') @@ -45114,7 +45114,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -552,7 +535,7 @@ interface(`mta_rw_aliases',` +@@ -552,7 +539,7 @@ interface(`mta_rw_aliases',` ') files_search_etc($1) @@ -45123,7 +45123,7 @@ index 343cee3..76a7780 100644 ') ####################################### -@@ -646,8 +629,8 @@ interface(`mta_dontaudit_getattr_spool_files',` +@@ -646,8 +633,8 @@ interface(`mta_dontaudit_getattr_spool_files',` files_dontaudit_search_spool($1) dontaudit $1 mail_spool_t:dir search_dir_perms; 
@@ -45134,12 +45134,12 @@ index 343cee3..76a7780 100644 ') ####################################### -@@ -677,7 +660,26 @@ interface(`mta_spool_filetrans',` +@@ -677,7 +664,26 @@ interface(`mta_spool_filetrans',` ') files_search_spool($1) - filetrans_pattern($1, mail_spool_t, $2, $3) -+ filetrans_pattern($1, mail_spool_t, $2, $3, $5) ++ filetrans_pattern($1, mail_spool_t, $2, $3, $4) +') + +####################################### @@ -45162,7 +45162,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -697,8 +699,8 @@ interface(`mta_rw_spool',` +@@ -697,8 +703,8 @@ interface(`mta_rw_spool',` files_search_spool($1) allow $1 mail_spool_t:dir list_dir_perms; @@ -45173,7 +45173,7 @@ index 343cee3..76a7780 100644 read_lnk_files_pattern($1, mail_spool_t, mail_spool_t) ') -@@ -838,7 +840,7 @@ interface(`mta_dontaudit_rw_queue',` +@@ -838,7 +844,7 @@ interface(`mta_dontaudit_rw_queue',` ') dontaudit $1 mqueue_spool_t:dir search_dir_perms; @@ -45182,7 +45182,7 @@ index 343cee3..76a7780 100644 ') ######################################## -@@ -864,6 +866,36 @@ interface(`mta_manage_queue',` +@@ -864,6 +870,36 @@ interface(`mta_manage_queue',` ####################################### ## @@ -45219,7 +45219,7 @@ index 343cee3..76a7780 100644 ## Read sendmail binary. ## ## -@@ -899,3 +931,114 @@ interface(`mta_rw_user_mail_stream_sockets',` +@@ -899,3 +935,114 @@ interface(`mta_rw_user_mail_stream_sockets',` allow $1 user_mail_domain:unix_stream_socket rw_socket_perms; ') @@ -45335,7 +45335,7 @@ index 343cee3..76a7780 100644 + mta_filetrans_admin_home_content($1) +') diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te -index 64268e4..c9c64a6 100644 +index 64268e4..7ede790 100644 --- a/policy/modules/services/mta.te +++ b/policy/modules/services/mta.te @@ -20,14 +20,16 @@ files_type(etc_aliases_t) 
@@ -45598,7 +45598,7 @@ index 64268e4..c9c64a6 100644 # Read user temporary files. # postfix seems to need write access if the file handle is opened read/write userdom_rw_user_tmp_files(user_mail_t) -@@ -292,3 +315,115 @@ optional_policy(` +@@ -292,3 +315,114 @@ optional_policy(` postfix_read_config(user_mail_t) postfix_list_spool(user_mail_t) ') @@ -45687,7 +45687,6 @@ index 64268e4..c9c64a6 100644 + postfix_exec_master(user_mail_domain) + postfix_read_config(user_mail_domain) + postfix_search_spool(user_mail_domain) -+ postfix_domtrans_user_mail_handler(user_mail_domain) + postfix_rw_master_pipes(user_mail_domain) + + ifdef(`distro_redhat',` @@ -57024,13 +57023,27 @@ index 3386f29..b28cae5 100644 + files_etc_filetrans($1, rsync_etc_t, $2) +') diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te -index 39015ae..967bebd 100644 +index 39015ae..8b08e21 100644 --- a/policy/modules/services/rsync.te +++ b/policy/modules/services/rsync.te -@@ -7,6 +7,13 @@ policy_module(rsync, 1.10.0) +@@ -7,6 +7,27 @@ policy_module(rsync, 1.10.0) ## ##

++## Allow rsync servers to share cifs files systems ++##

++##
++gen_tunable(rsync_use_cifs, false) ++ ++## ++##

++## Allow rsync servers to share nfs files systems ++##

++##
++gen_tunable(rsync_use_nfs, false) ++ ++## ++##

+## Allow rsync to run as a client +##

+##
@@ -57041,7 +57054,7 @@ index 39015ae..967bebd 100644 ## Allow rsync to export any files/directories read only. ##
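Review bot: The descriptions added for `rsync_use_cifs` and `rsync_use_nfs` in the hunk at `@@ -57024,13 +57023,27 @@` overstate what the booleans grant. They say rsync servers may "share" CIFS and NFS file systems, but the matching `tunable_policy` blocks added at `@@ -57058,9 +57071,22 @@` call only the list, file-read and symlink-read interfaces. An administrator deciding whether to enable a boolean should be able to see from its description that the access is read-only. I would word them as `## Allow rsync servers to read files on CIFS file systems` and `## Allow rsync servers to read files on NFS file systems`, which also fixes the "files systems" typo.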

## -@@ -23,7 +30,6 @@ gen_tunable(allow_rsync_anon_write, false) +@@ -23,7 +44,6 @@ gen_tunable(allow_rsync_anon_write, false) type rsync_t; type rsync_exec_t; @@ -57049,7 +57062,7 @@ index 39015ae..967bebd 100644 application_executable_file(rsync_exec_t) role system_r types rsync_t; -@@ -59,7 +65,7 @@ allow rsync_t self:udp_socket connected_socket_perms; +@@ -59,7 +79,7 @@ allow rsync_t self:udp_socket connected_socket_perms; allow rsync_t self:netlink_tcpdiag_socket r_netlink_socket_perms; #end for identd @@ -57058,9 +57071,22 @@ index 39015ae..967bebd 100644 allow rsync_t rsync_data_t:dir list_dir_perms; read_files_pattern(rsync_t, rsync_data_t, rsync_data_t) -@@ -122,12 +128,26 @@ optional_policy(` +@@ -121,13 +141,39 @@ optional_policy(` + inetd_service_domain(rsync_t, rsync_exec_t) ') ++tunable_policy(`rsync_use_cifs',` ++ fs_list_cifs(rsync_t) ++ fs_read_cifs_files(rsync_t) ++ fs_read_cifs_symlinks(rsync_t) ++') ++ ++tunable_policy(`rsync_use_nfs',` ++ fs_list_nfs(rsync_t) ++ fs_read_nfs_files(rsync_t) ++ fs_read_nfs_symlinks(rsync_t) ++') ++ tunable_policy(`rsync_export_all_ro',` + files_getattr_all_pipes(rsync_t) fs_read_noxattr_fs_files(rsync_t) @@ -62649,7 +62675,7 @@ index 2124b6a..49c15d1 100644 +# support for nova-stack +/usr/bin/nova-compute -- gen_context(system_u:object_r:virtd_exec_t,s0) diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if -index 7c5d8d8..5e7388f 100644 +index 7c5d8d8..45bac8e 100644 --- a/policy/modules/services/virt.if +++ b/policy/modules/services/virt.if @@ -13,39 +13,44 @@ @@ -62934,7 +62960,7 @@ index 7c5d8d8..5e7388f 100644 + ') + + virt_search_lib($1) -+ allow $1 virt_image_type:dir serach_dir_perms; ++ allow $1 virt_image_type:dir search_dir_perms; +') + +######################################## @@ -63236,7 +63262,7 @@ index 7c5d8d8..5e7388f 100644 +') + diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te -index 3eca020..0637dfa 100644 +index 3eca020..a1bc102 100644 
--- a/policy/modules/services/virt.te +++ b/policy/modules/services/virt.te @@ -5,56 +5,81 @@ policy_module(virt, 1.4.0) @@ -63776,7 +63802,7 @@ index 3eca020..0637dfa 100644 files_read_usr_files(virt_domain) files_read_var_files(virt_domain) files_search_all(virt_domain) -@@ -440,25 +618,372 @@ files_search_all(virt_domain) +@@ -440,25 +618,373 @@ files_search_all(virt_domain) fs_getattr_tmpfs(virt_domain) fs_rw_anon_inodefs_files(virt_domain) fs_rw_tmpfs_files(virt_domain) @@ -64017,10 +64043,11 @@ index 3eca020..0637dfa 100644 + execmem_exec(virtd_lxc_t) +') + -+#optional_policy(` ++optional_policy(` ++ unconfined_domain(virtd_lxc_t) +# unconfined_shell_domtrans(virtd_lxc_t) +# unconfined_signal(virtd_t) -+#') ++') + +######################################## +# @@ -70841,7 +70868,7 @@ index 14d9670..56960ca 100644 + /var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0) diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te -index ddbd8be..75e2f9b 100644 +index ddbd8be..8ba922e 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -66,6 +66,7 @@ files_pid_filetrans(iscsid_t, iscsi_var_run_t, file) @@ -70856,7 +70883,7 @@ index ddbd8be..75e2f9b 100644 corenet_tcp_connect_http_port(iscsid_t) corenet_tcp_connect_iscsi_port(iscsid_t) corenet_tcp_connect_isns_port(iscsid_t) -+corenet_tcp_connect_winshadow(iscsid_t) ++corenet_tcp_connect_winshadow_port(iscsid_t) dev_rw_sysfs(iscsid_t) dev_rw_userio_dev(iscsid_t)
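Review bot: The hunk at `@@ -64017,10 +64043,11 @@` replaces a fully commented-out `optional_policy` with a live block that calls `unconfined_domain(virtd_lxc_t)`, which is a confinement decision, not a typo fix, and nothing in the commit explains it. With this in place `virtd_lxc_t` is presumably unconfined on any system where the unconfined module is present. The two lines kept as comments inside the now-live block, `# unconfined_shell_domtrans(virtd_lxc_t)` and `# unconfined_signal(virtd_t)`, are dead text, and the second names `virtd_t` rather than `virtd_lxc_t`. I would move this change to its own commit with the reason stated, drop the dead lines, and put a marker above the call such as `# FIXME: virtd_lxc_t is unconfined for now; replace with explicit rules`. The surrounding virtd_lxc policy section starts and ends outside the hunk.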