From a537f210aa2fcc2e3c420719020c829ad451d3df Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Apr 30 2010 15:15:45 +0000 Subject: - Dontaudit sandbox trying to connect to netlink sockets Resolves: #587609 - Add policy for piranha --- diff --git a/modules-minimum.conf b/modules-minimum.conf index 4e489a2..ebea990 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -1169,6 +1169,13 @@ pcmcia = base pegasus = module # Layer: services +# Module: piranha +# +# piranha - various tools to administer and configure the Linux Virtual Server +# +piranha = module + +# Layer: services # Module: postgresql # # PostgreSQL relational database diff --git a/modules-mls.conf b/modules-mls.conf index 914cb73..e760232 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1107,6 +1107,13 @@ pcmcia = base pegasus = module # Layer: services +# Module: piranha +# +# piranha - various tools to administer and configure the Linux Virtual Server +# +piranha = module + +# Layer: services # Module: postgresql # # PostgreSQL relational database diff --git a/modules-targeted.conf b/modules-targeted.conf index 4e489a2..ebea990 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -1169,6 +1169,13 @@ pcmcia = base pegasus = module # Layer: services +# Module: piranha +# +# piranha - various tools to administer and configure the Linux Virtual Server +# +piranha = module + +# Layer: services # Module: postgresql # # PostgreSQL relational database diff --git a/policy-F13.patch b/policy-F13.patch index 9991be0..b439cb1 100644 --- a/policy-F13.patch +++ b/policy-F13.patch 
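Review bot: `piranha = module` is switched on in modules-minimum.conf, modules-mls.conf and modules-targeted.conf in the same commit, but the type-enforcement rules this entry activates are not among the policy-F13.patch hunks visible on this page, so what the new domain is allowed to do cannot be checked here. Please confirm that the piranha policy files are part of this patch, and that the module has been reviewed for the MLS and minimum variants as well as targeted. As a smaller style point, the neighbouring entry describes itself without a name prefix (`# PostgreSQL relational database`); the new description could follow that form, e.g. `# Various tools to administer and configure the Linux Virtual Server`.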
@@ -10814,7 +10814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2010-04-29 07:45:09.000000000 -0400 ++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2010-04-30 11:08:54.000000000 -0400 @@ -0,0 +1,434 @@ +policy_module(unconfineduser, 1.0.0) + @@ -11051,45 +11051,45 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi + ') + ') + -+ init_dbus_chat_script(unconfined_t) ++ init_dbus_chat_script(unconfined_usertype) + + dbus_stub(unconfined_t) + + optional_policy(` -+ bluetooth_dbus_chat(unconfined_t) ++ bluetooth_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ consolekit_dbus_chat(unconfined_t) ++ consolekit_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ cups_dbus_chat_config(unconfined_t) ++ cups_dbus_chat_config(unconfined_usertype) + ') + + optional_policy(` -+ fprintd_dbus_chat(unconfined_t) ++ fprintd_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ gnomeclock_dbus_chat(unconfined_t) ++ gnomeclock_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ kerneloops_dbus_chat(unconfined_t) ++ kerneloops_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ oddjob_dbus_chat(unconfined_t) ++ oddjob_dbus_chat(unconfined_usertype) + ') + + optional_policy(` -+ vpnc_dbus_chat(unconfined_t) ++ vpnc_dbus_chat(unconfined_usertype) + ') +') + +optional_policy(` -+ firewallgui_dbus_chat(unconfined_t) ++ firewallgui_dbus_chat(unconfined_usertype) +') + +optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 02c4c1b..305c7ca 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
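Review bot: The second policy-F13.patch hunk (`@@ -11051,45 +11051,45 @@`) changes the argument of ten `*_dbus_chat` calls in unconfineduser.te from `unconfined_t` to `unconfined_usertype`, and neither the commit subject nor the new changelog entry mentions this. The declaration of `unconfined_usertype` is outside the hunk; if it is an attribute, D-Bus chat with init scripts, bluetooth, consolekit, cups, fprintd, gnomeclock, kerneloops, oddjob, vpnc and firewallgui is now granted to every type carrying it rather than to one type, which is a wider grant that deserves a recorded reason. I would add a comment above the first call such as `# D-Bus chat is granted to the unconfined_usertype attribute so all unconfined user domains get it, not only unconfined_t` and a matching changelog line. `dbus_stub(unconfined_t)` keeps the old argument, which looks deliberate but is worth confirming. The enclosing `optional_policy` block opens before the hunk, so its condition is not visible here.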
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -468,10 +468,14 @@ exit 0 %endif %changelog +* Fri Apr 30 2010 Dan Walsh 3.7.19-10 +- Dontaudit sandbox trying to connect to netlink sockets +Resolves: #587609 +- Add policy for piranha + * Thu Apr 29 2010 Dan Walsh 3.7.19-9 - Fixups for xguest policy - Fixes for running sandbox firefox -Resolves: #587263 * Wed Apr 28 2010 Dan Walsh 3.7.19-8 - Allow ksmtuned to use terminals