From c47b4f546672a345a8955ce2f3a2e16a76e83116 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 25 2008 18:31:43 +0000 Subject: - Allow dhcpc to read ypbind.pid --- diff --git a/policy-20080710.patch b/policy-20080710.patch index 328e226..03f3fca 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -31686,7 +31686,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.13/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-10-17 08:49:13.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-11-24 10:49:49.000000000 -0500 ++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-11-25 13:30:04.000000000 -0500 @@ -20,6 +20,9 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t) role system_r types dhcpc_t; @@ -31742,7 +31742,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_redhat', ` files_exec_etc_files(dhcpc_t) ') -@@ -185,25 +187,22 @@ +@@ -185,25 +187,23 @@ ') optional_policy(` @@ -31750,16 +31750,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol - nis_signal_ypbind(dhcpc_t) - nis_read_ypbind_pid(dhcpc_t) - nis_delete_ypbind_pid(dhcpc_t) -- -- # dhclient sometimes starts ypbind -- init_exec_script_files(dhcpc_t) -- nis_domtrans_ypbind(dhcpc_t) + networkmanager_domtrans(dhcpc_t) + networkmanager_read_pid_files(dhcpc_t) +') -+ + +- # dhclient sometimes starts ypbind +- init_exec_script_files(dhcpc_t) +- nis_domtrans_ypbind(dhcpc_t) +optional_policy(` + nis_ypbind_initrc_domtrans(dhcpc_t) ++ nis_read_ypbind_pid(dhcpc_t) ') optional_policy(` 
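Review bot: The `nis_read_ypbind_pid(dhcpc_t)` line added in the `@@ -31750,16 +31750,16 @@` hunk has no rationale next to it, and the old `# dhclient sometimes starts ypbind` comment is dropped from the same block of sysnetwork.te, so the new `optional_policy` block grants dhcpc_t two NIS permissions with no stated reason. A comment above the two calls would record the least-privilege intent, for example `# dhclient restarts ypbind via its init script and only needs to read ypbind.pid; signal/delete access intentionally not granted`. That wording is inferred from the interface names and the commit subject, so it should be checked against the AVC denial that prompted the change. It would also help to name the denial or bug in the commit description, so a later audit can tell whether read access alone is still sufficient or whether the rule can be removed.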
@@ -31776,7 +31776,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -214,6 +213,11 @@ +@@ -214,6 +214,11 @@ optional_policy(` seutil_sigchld_newrole(dhcpc_t) seutil_dontaudit_search_config(dhcpc_t) @@ -31788,7 +31788,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -225,6 +229,10 @@ +@@ -225,6 +230,10 @@ ') optional_policy(` @@ -31799,7 +31799,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_xen_state(dhcpc_t) kernel_write_xen_state(dhcpc_t) xen_append_log(dhcpc_t) -@@ -238,7 +246,6 @@ +@@ -238,7 +247,6 @@ allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack }; allow ifconfig_t self:capability { net_raw net_admin sys_tty_config }; @@ -31807,7 +31807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow ifconfig_t self:fd use; allow ifconfig_t self:fifo_file rw_fifo_file_perms; -@@ -252,6 +259,7 @@ +@@ -252,6 +260,7 @@ allow ifconfig_t self:sem create_sem_perms; allow ifconfig_t self:msgq create_msgq_perms; allow ifconfig_t self:msg { send receive }; @@ -31815,7 +31815,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Create UDP sockets, necessary when called from dhcpc allow ifconfig_t self:udp_socket create_socket_perms; -@@ -261,13 +269,20 @@ +@@ -261,13 +270,20 @@ allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms; allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read }; allow ifconfig_t self:tcp_socket { create ioctl }; @@ -31836,7 +31836,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_rw_tun_tap_dev(ifconfig_t) -@@ -278,8 +293,13 @@ +@@ -278,8 +294,13 @@ fs_getattr_xattr_fs(ifconfig_t) fs_search_auto_mountpoints(ifconfig_t) 
@@ -31850,7 +31850,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(ifconfig_t) -@@ -300,6 +320,8 @@ +@@ -300,6 +321,8 @@ seutil_use_runinit_fds(ifconfig_t) @@ -31859,7 +31859,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_use_all_users_fds(ifconfig_t) ifdef(`distro_ubuntu',` -@@ -335,6 +357,14 @@ +@@ -335,6 +358,14 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index d635568..c87eac4 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -457,6 +457,9 @@ exit 0 %endif %changelog +* Tue Nov 25 2008 Dan Walsh 3.5.13-26 +- Allow dhcpc to read ypbind.pid + * Tue Nov 25 2008 Dan Walsh 3.5.13-25 - Allow postfix_smtpd to getattr on directories and file systems