From f30b43fb2ddf14b7f05fedc64b1df42fb6c01315 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Feb 29 2012 09:09:57 +0000 Subject: * Wed Feb 29 2012 Miroslav Grepl 3.10.0-78 - Allow memcache to create sock_file --- diff --git a/policy-F16.patch b/policy-F16.patch index 938444c..7bcb0ec 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -43323,46 +43323,43 @@ index 0000000..5b84980 +') diff --git a/policy/modules/services/matahari.fc b/policy/modules/services/matahari.fc new file mode 100644 -index 0000000..7f36870 +index 0000000..126cbe8 --- /dev/null 
+++ b/policy/modules/services/matahari.fc -@@ -0,0 +1,30 @@ -+/etc/rc\.d/init\.d/matahari-host gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/rc\.d/init\.d/matahari-net gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/rc\.d/init\.d/matahari-service gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/rc\.d/init\.d/matahari-sysconfig gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+ -+/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) -+ -+/usr/sbin/matahari-dbus-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) -+ -+/usr/sbin/matahari-qmf-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) +@@ -0,0 +1,27 @@ ++/etc/rc\.d/init\.d/matahari-host -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-net -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-service -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-sysconfig -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/init.d/matahari-sysconfig-console -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) + -+/usr/sbin/matahari-qmf-sysconfigd -- gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) + -+/usr/sbin/matahari-netd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) ++/usr/sbin/matahari-dbus-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) ++/usr/sbin/matahari-qmf-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) + -+/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-qmf-sysconfigd -- gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) ++/usr/sbin/matahari-qmf-sysconfig-consoled -- gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) + 
-+/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-netd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) + -+/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) + -+/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/var/lib/matahari(/.*)? gen_context(system_u:object_r:matahari_var_lib_t,s0) + -+/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) -+ -+/var/lib/matahari(/.*)? gen_context(system_u:object_r:matahari_var_lib_t,s0) -+ -+/var/run/matahari(/.*)? gen_context(system_u:object_r:matahari_var_run_t,s0) -+/var/run/matahari\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) -+/var/run/matahari-broker\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari(/.*)? gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari-broker\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) diff --git a/policy/modules/services/matahari.if b/policy/modules/services/matahari.if new file mode 100644 -index 0000000..0d771fd +index 0000000..d1f7a42 --- /dev/null +++ b/policy/modules/services/matahari.if -@@ -0,0 +1,250 @@ +@@ -0,0 +1,251 @@ +## policy for matahari + +###################################### 
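Review bot: The new `/etc/init.d/matahari-sysconfig-console` entry in the rewritten matahari.fc hunk is the only init-script entry not written as `/etc/rc\.d/init\.d/...` with escaped dots; file-context paths are regular expressions, so the bare `.` matches any character, and where `/etc/init.d` is a symlink into `/etc/rc.d/init.d` the real script is presumably not matched by `restorecon` at all (worth confirming against the package that ships it). I would change it to `/etc/rc\.d/init\.d/matahari-sysconfig-console -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)` so it lines up with the four entries above it. The rest of the rewritten hunk (the `--` added to the init-script entries and the new sysconfigd and sysconfig-consoled binaries) reads consistently with the existing entries.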
@@ -43585,8 +43582,9 @@ index 0000000..0d771fd + type matahari_hostd_t; + type matahari_netd_t; + type matahari_serviced_t; -+ type matahari_var_lib_t; -+ type matahari_var_run_t; ++ type matahari_sysconfigd_t; ++ type matahari_var_lib_t; ++ type matahari_var_run_t; + ') + + init_labeled_script_domtrans($1, matahari_initrc_exec_t) @@ -43761,6 +43759,16 @@ index 98d28b4..1c1d012 100644 + + delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t) +') +diff --git a/policy/modules/services/memcached.fc b/policy/modules/services/memcached.fc +index 4d69477..d3b4f39 100644 +--- a/policy/modules/services/memcached.fc ++++ b/policy/modules/services/memcached.fc +@@ -2,4 +2,5 @@ + + /usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0) + ++/var/run/ipa_memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0) + /var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0) diff --git a/policy/modules/services/memcached.if b/policy/modules/services/memcached.if index db4fd6f..7fe8321 100644 --- a/policy/modules/services/memcached.if @@ -43847,7 +43855,7 @@ index db4fd6f..7fe8321 100644 admin_pattern($1, memcached_var_run_t) ') diff --git a/policy/modules/services/memcached.te b/policy/modules/services/memcached.te -index b681608..08b1b49 100644 +index b681608..0934c95 100644 --- a/policy/modules/services/memcached.te +++ b/policy/modules/services/memcached.te @@ -20,7 +20,7 @@ files_pid_file(memcached_var_run_t) 
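Review bot: `type matahari_sysconfigd_t;` is added to the gen_require of the matahari admin interface, but nothing visible in this hunk uses it; the body that grants the admin role process access to the other matahari domains continues outside the hunk, so please confirm it also gains the matching `ps_process_pattern($1, matahari_sysconfigd_t)` and signal/ptrace rules, otherwise the require is dead and the sysconfigd domain stays unmanageable through this interface. The two `++ type matahari_var_lib_t;` / `++ type matahari_var_run_t;` lines replace `-+` lines with identical text, so that part of the hunk looks like a whitespace-only change and could be noted as such in the description. The enclosing interface starts and ends outside the hunk.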
@@ -43859,6 +43867,16 @@ index b681608..08b1b49 100644 dontaudit memcached_t self:capability sys_tty_config; allow memcached_t self:process { setrlimit signal_perms }; allow memcached_t self:tcp_socket create_stream_socket_perms; +@@ -42,7 +42,8 @@ corenet_udp_bind_memcache_port(memcached_t) + + manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t) + manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t) +-files_pid_filetrans(memcached_t, memcached_var_run_t, { file dir }) ++manage_sock_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t) ++files_pid_filetrans(memcached_t, memcached_var_run_t, { file dir sock_file }) + + kernel_read_kernel_sysctls(memcached_t) + kernel_read_system_state(memcached_t) diff --git a/policy/modules/services/milter.fc b/policy/modules/services/milter.fc index 55a3e2f..bc489e0 100644 --- a/policy/modules/services/milter.fc diff --git a/selinux-policy.spec b/selinux-policy.spec index 09ab505..2479833 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.10.0 -Release: 77%{?dist} +Release: 78%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -466,6 +466,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Wed Feb 29 2012 Miroslav Grepl 3.10.0-78 +- Allow memcache to create sock_file + * Mon Feb 27 2012 Miroslav Grepl 3.10.0-77 - Dontaudit sandbox to shudown unconfined_execmem stream - Allow smtpd_t to manage spool files/directories and symbolic links
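Review bot: The new `manage_sock_files_pattern` and the `sock_file` class added to `files_pid_filetrans` let memcached_t create its unix socket under memcached_var_run_t, but the commit adds no client side: no hunk here adds a stream-connect interface to memcached.if (that file's hunk above only rewrites an index line), so a confined client such as the IPA service that the `/var/run/ipa_memcached(/.*)?` entry in the earlier memcached.fc hunk is presumably meant for would still be denied `unix_stream_socket connectto` to memcached_t unless such an interface already exists outside this view. If it does not, I would add one wrapping `stream_connect_pattern($1, memcached_var_run_t, memcached_var_run_t, memcached_t)` with a gen_require of `memcached_t` and `memcached_var_run_t`. Also, `manage_sock_files_pattern` grants more than the "create" named in the changelog (unlink, rename, setattr), which is reasonable if memcached removes a stale socket on restart, but a one-line comment such as `# memcached unlinks a stale socket before re-creating it` above the rule would record why manage rather than create was chosen.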