@@ -667615,7 +667891,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.3.1/policy/modules/services/zabbix.fc
--- nsaserefpolicy/policy/modules/services/zabbix.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,5 +1,8 @@
+
/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -667627,7 +667903,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
+/etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.3.1/policy/modules/services/zabbix.if
--- nsaserefpolicy/policy/modules/services/zabbix.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.if 2009-02-04 10:54:48.000000000 +0100
@@ -79,6 +79,25 @@
########################################
@@ -667686,7 +667962,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.3.1/policy/modules/services/zabbix.te
--- nsaserefpolicy/policy/modules/services/zabbix.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.te 2009-02-04 10:54:48.000000000 +0100
@@ -18,6 +18,9 @@
type zabbix_var_run_t;
files_pid_file(zabbix_var_run_t)
@@ -667699,7 +667975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
# zabbix local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.3.1/policy/modules/services/zebra.fc
--- nsaserefpolicy/policy/modules/services/zebra.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.fc 2009-02-04 10:54:48.000000000 +0100
@@ -14,3 +14,10 @@
/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
@@ -667713,7 +667989,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
+/etc/rc\.d/init\.d/zebra -- gen_context(system_u:object_r:zebra_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.3.1/policy/modules/services/zebra.if
--- nsaserefpolicy/policy/modules/services/zebra.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.if 2009-02-04 10:54:48.000000000 +0100
@@ -18,12 +18,32 @@
files_search_etc($1)
@@ -667790,7 +668066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.3.1/policy/modules/services/zebra.te
--- nsaserefpolicy/policy/modules/services/zebra.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.te 2009-02-04 10:54:48.000000000 +0100
@@ -30,6 +30,9 @@
type zebra_var_run_t;
files_pid_file(zebra_var_run_t)
@@ -667820,7 +668096,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.3.1/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/application.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/application.te 2009-02-04 10:54:48.000000000 +0100
@@ -7,6 +7,12 @@
# Executables to be run by user
attribute application_exec_type;
@@ -667836,7 +668112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
ssh_rw_stream_sockets(application_domain_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.3.1/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2009-02-04 10:54:48.000000000 +0100
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -667865,7 +668141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2009-02-04 10:54:48.000000000 +0100
@@ -56,10 +56,6 @@
miscfiles_read_localization($1_chkpwd_t)
@@ -668161,7 +668437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.te 2009-02-04 10:54:48.000000000 +0100
@@ -59,6 +59,9 @@
type utempter_exec_t;
application_domain(utempter_t,utempter_exec_t)
@@ -668273,7 +668549,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.3.1/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -668289,7 +668565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-3.3.1/policy/modules/system/fstools.if
--- nsaserefpolicy/policy/modules/system/fstools.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.if 2009-02-04 10:54:48.000000000 +0100
@@ -142,3 +142,21 @@
allow $1 swapfile_t:file getattr;
@@ -668314,7 +668590,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.3.1/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.te 2009-02-04 10:54:48.000000000 +0100
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -668338,7 +668614,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.3.1/policy/modules/system/getty.fc
--- nsaserefpolicy/policy/modules/system/getty.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.fc 2009-02-04 10:54:48.000000000 +0100
@@ -8,5 +8,5 @@
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -668349,7 +668625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
+/var/spool/voice(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.3.1/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.te 2009-02-04 10:54:48.000000000 +0100
@@ -9,6 +9,7 @@
type getty_t;
type getty_exec_t;
@@ -668360,7 +668636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
type getty_etc_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.3.1/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hostname.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hostname.te 2009-02-04 10:54:48.000000000 +0100
@@ -8,7 +8,9 @@
type hostname_t;
@@ -668374,7 +668650,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.3.1/policy/modules/system/hotplug.te
--- nsaserefpolicy/policy/modules/system/hotplug.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hotplug.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hotplug.te 2009-02-04 10:54:48.000000000 +0100
@@ -120,6 +120,7 @@
optional_policy(`
# for arping used for static IP addresses on PCMCIA ethernet
@@ -668393,7 +668669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.3.1/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.fc 2009-02-04 10:54:48.000000000 +0100
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -668411,7 +668687,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.3.1/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.if 2009-02-04 10:54:48.000000000 +0100
@@ -211,6 +211,16 @@
kernel_dontaudit_use_fds($1)
')
@@ -668789,7 +669065,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.te 2009-02-04 10:54:48.000000000 +0100
@@ -10,6 +10,20 @@
# Declarations
#
@@ -669126,7 +669402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2009-02-04 10:54:48.000000000 +0100
@@ -16,6 +16,8 @@
/usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -669146,7 +669422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if 2009-02-04 10:54:48.000000000 +0100
@@ -152,6 +152,25 @@
########################################
@@ -669175,7 +669451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2009-02-04 10:54:48.000000000 +0100
@@ -55,11 +55,13 @@
allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -669205,7 +669481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
can_exec(ipsec_t, ipsec_mgmt_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
--- nsaserefpolicy/policy/modules/system/iptables.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if 2009-02-04 10:54:48.000000000 +0100
@@ -49,6 +49,12 @@
iptables_domtrans($1)
role $2 types iptables_t;
@@ -669221,7 +669497,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2009-02-04 10:54:48.000000000 +0100
@@ -27,7 +27,7 @@
allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t self:rawip_socket create_socket_perms;
@@ -669274,7 +669550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.3.1/policy/modules/system/iscsi.fc
--- nsaserefpolicy/policy/modules/system/iscsi.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,5 +1,5 @@
/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
@@ -669285,7 +669561,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.3.1/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.te 2009-02-04 10:54:48.000000000 +0100
@@ -28,8 +28,8 @@
# iscsid local policy
#
@@ -669316,7 +669592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-01-30 11:17:26.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-02-04 10:54:48.000000000 +0100
@@ -69,8 +69,10 @@
ifdef(`distro_gentoo',`
# despite the extensions, they are actually libs
@@ -669442,7 +669718,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2009-02-04 10:54:48.000000000 +0100
@@ -23,6 +23,9 @@
init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
@@ -669521,7 +669797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.3.1/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/locallogin.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/locallogin.te 2009-02-04 10:54:48.000000000 +0100
@@ -131,6 +131,7 @@
miscfiles_read_localization(local_login_t)
@@ -669590,7 +669866,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.3.1/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.fc 2009-02-04 10:54:48.000000000 +0100
@@ -4,6 +4,8 @@
/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
@@ -669638,7 +669914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2009-02-04 10:54:48.000000000 +0100
@@ -213,12 +213,7 @@
##
#
@@ -669891,7 +670167,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.te 2009-02-04 10:54:48.000000000 +0100
@@ -61,10 +61,29 @@
logging_log_file(var_log_t)
files_mountpoint(var_log_t)
@@ -670144,7 +670420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.3.1/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2009-02-04 10:54:48.000000000 +0100
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -670160,7 +670436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.te 2009-02-04 10:54:48.000000000 +0100
@@ -22,7 +22,7 @@
role system_r types lvm_t;
@@ -670339,7 +670615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.3.1/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc 2009-02-04 10:54:48.000000000 +0100
@@ -11,6 +11,7 @@
/etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
@@ -670355,7 +670631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+HOME_DIR/\.fontconfig(/.*)? gen_context(system_u:object_r:user_fonts_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.3.1/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2009-02-04 10:54:48.000000000 +0100
@@ -489,3 +489,65 @@
manage_lnk_files_pattern($1,locale_t,locale_t)
')
@@ -670424,7 +670700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.3.1/policy/modules/system/miscfiles.te
--- nsaserefpolicy/policy/modules/system/miscfiles.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te 2009-02-04 10:54:48.000000000 +0100
@@ -20,6 +20,14 @@
files_type(fonts_t)
@@ -670442,7 +670718,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
type hwdata_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.3.1/policy/modules/system/modutils.if
--- nsaserefpolicy/policy/modules/system/modutils.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.if 2009-02-04 10:54:48.000000000 +0100
@@ -66,6 +66,25 @@
########################################
@@ -670479,7 +670755,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.3.1/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.te 2009-02-04 10:54:48.000000000 +0100
@@ -22,6 +22,8 @@
type insmod_exec_t;
application_domain(insmod_t,insmod_exec_t)
@@ -670622,7 +670898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
#################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.3.1/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,4 +1,6 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -670634,7 +670910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.3.1/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.if 2009-02-04 14:59:39.000000000 +0100
@@ -48,7 +48,9 @@
mount_domtrans($1)
@@ -670646,9 +670922,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
optional_policy(`
samba_run_smbmount($1, $2, $3)
+@@ -171,3 +173,23 @@
+ role $2 types unconfined_mount_t;
+ allow unconfined_mount_t $3:chr_file rw_file_perms;
+ ')
++
++######################################
++##
++## Send signal to mount process
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`mount_signal',`
++ gen_require(`
++ type mount_t;
++ ')
++
++ allow $1 mount_t:process signal;
++')
++
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.te 2009-02-04 10:54:48.000000000 +0100
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -670809,7 +671109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
--- nsaserefpolicy/policy/modules/system/netlabel.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/netlabel.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/netlabel.te 2009-02-04 10:54:48.000000000 +0100
@@ -9,6 +9,7 @@
type netlabel_mgmt_t;
type netlabel_mgmt_exec_t;
@@ -670820,14 +671120,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
--- nsaserefpolicy/policy/modules/system/qemu.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,3 @@
+
+/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
--- nsaserefpolicy/policy/modules/system/qemu.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,336 @@
+
+## policy for qemu
@@ -671167,7 +671467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.3.1/policy/modules/system/qemu.te
--- nsaserefpolicy/policy/modules/system/qemu.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,79 @@
+policy_module(qemu,1.0.0)
+
@@ -671250,7 +671550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.3.1/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/raid.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/raid.te 2009-02-04 10:54:48.000000000 +0100
@@ -19,7 +19,7 @@
# Local policy
#
@@ -671278,7 +671578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc 2009-02-04 10:54:48.000000000 +0100
@@ -38,7 +38,7 @@
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -671299,7 +671599,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/var/lib/selinux(/.*)? gen_context(system_u:object_r:selinux_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2009-02-04 10:54:48.000000000 +0100
@@ -389,7 +389,7 @@
##
##
@@ -671799,7 +672099,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.3.1/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te 2009-02-04 10:54:48.000000000 +0100
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -672162,7 +672462,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.3.1/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,3 +1,5 @@
/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
@@ -672171,7 +672471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
+/etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.3.1/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.if 2009-02-04 10:54:48.000000000 +0100
@@ -13,6 +13,7 @@
interface(`setrans_translate_context',`
gen_require(`
@@ -672206,7 +672506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.3.1/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.te 2009-02-04 10:54:48.000000000 +0100
@@ -14,6 +14,9 @@
files_pid_file(setrans_var_run_t)
mls_trusted_object(setrans_var_run_t)
@@ -672236,7 +672536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc 2009-01-30 15:43:22.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc 2009-02-04 10:54:48.000000000 +0100
@@ -57,3 +57,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -672245,7 +672545,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2009-02-04 10:54:48.000000000 +0100
@@ -145,6 +145,25 @@
########################################
@@ -672383,7 +672683,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2009-02-04 10:54:48.000000000 +0100
@@ -20,6 +20,10 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -672584,7 +672884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-02-04 10:54:48.000000000 +0100
@@ -96,6 +96,24 @@
########################################
@@ -672640,7 +672940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.3.1/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.te 2009-02-04 10:54:48.000000000 +0100
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -672698,7 +672998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,16 +1,26 @@
# Add programs here which should not be confined by SELinux
# e.g.:
@@ -672734,7 +673034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.if 2009-02-04 10:54:48.000000000 +0100
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -673090,7 +673390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2009-02-04 10:54:48.000000000 +0100
@@ -6,35 +6,72 @@
# Declarations
#
@@ -673431,7 +673731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.3.1/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc 2009-02-04 10:54:48.000000000 +0100
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -673444,7 +673744,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-02-04 14:47:08.000000000 +0100
@@ -29,9 +29,14 @@
')
@@ -674929,7 +675229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2276,10 +2395,10 @@
+@@ -2276,10 +2395,37 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@@ -674939,10 +675239,37 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- dontaudit $2 $1_home_t:file execute;
+ dontaudit $2 user_home_t:file execute;
++')
++
++#######################################
++##
++## Manage any content in the home directory
++##
++##
++##
++## The user domain
++##
++##
++##
++#
++interface(`userdom_manage_home_content',`
++ gen_require(`
++ type user_home_dir_t;
++ attribute user_home_type;
++ ')
++
++ files_list_home($1)
++ manage_dirs_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
++ manage_files_pattern($1, { user_home_dir_t user_home_type },user_home_type)
++ manage_lnk_files_pattern($1, { user_home_dir_t user_home_type },user_home_type)
++ manage_sock_files_pattern($1, { user_home_dir_t user_home_type },user_home_type)
++ manage_fifo_files_pattern($1, { user_home_dir_t user_home_type },user_home_type)
++ filetrans_pattern($1, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
++
')
########################################
-@@ -2311,12 +2430,12 @@
+@@ -2311,12 +2457,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@@ -674958,7 +675285,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2348,10 +2467,10 @@
+@@ -2348,10 +2494,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@@ -674971,7 +675298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2383,12 +2502,12 @@
+@@ -2383,12 +2529,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@@ -674987,7 +675314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2420,12 +2539,12 @@
+@@ -2420,12 +2566,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@@ -675003,7 +675330,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2457,12 +2576,12 @@
+@@ -2457,12 +2603,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@@ -675019,7 +675346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2507,11 +2626,11 @@
+@@ -2507,11 +2653,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@@ -675033,7 +675360,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2556,11 +2675,11 @@
+@@ -2556,11 +2702,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@@ -675047,7 +675374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2600,11 +2719,11 @@
+@@ -2600,11 +2746,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@@ -675061,7 +675388,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2634,11 +2753,11 @@
+@@ -2634,11 +2780,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@@ -675075,7 +675402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2668,11 +2787,11 @@
+@@ -2668,11 +2814,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@@ -675089,7 +675416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2704,10 +2823,10 @@
+@@ -2704,10 +2850,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@@ -675102,7 +675429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2739,10 +2858,10 @@
+@@ -2739,10 +2885,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@@ -675115,7 +675442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2772,12 +2891,12 @@
+@@ -2772,12 +2918,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@@ -675131,7 +675458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2809,20 +2928,20 @@
+@@ -2809,20 +2955,20 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@@ -675156,7 +675483,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## temporary files.
##
##
-@@ -2842,21 +2961,23 @@
+@@ -2842,17 +2988,90 @@
##
##
#
@@ -675176,28 +675503,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
-## Read and write user temporary files.
+## Do not audit attempts to append users
+## temporary files.
- ##
- ##
- ##
--## Read and write user temporary files.
++##
++##
++##
+## Do not audit attempts to append users
+## temporary files.
- ##
- ##
- ## This is a templated interface, and should only
-@@ -2871,18 +2992,89 @@
- ##
- ##
- ##
--## Domain allowed access.
++##
++##
++## This is a templated interface, and should only
++## be called from a per-userdomain template.
++##
++##
++##
++##
++## The prefix of the user domain (e.g., user
++## is the prefix for user_t).
++##
++##
++##
++##
+## Domain to not audit.
- ##
- ##
- #
--template(`userdom_rw_user_tmp_files',`
++##
++##
++#
+template(`userdom_dontaudit_append_user_tmp_files',`
- gen_require(`
-- type $1_tmp_t;
++ gen_require(`
+ type user_tmp_t;
+ ')
+
@@ -675245,30 +675575,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+########################################
+##
+## Read and write user temporary files.
-+##
-+##
-+##
-+## Read and write user temporary files.
-+##
-+##
-+## This is a templated interface, and should only
-+## be called from a per-userdomain template.
-+##
-+##
-+##
-+##
-+## The prefix of the user domain (e.g., user
-+## is the prefix for user_t).
-+##
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+template(`userdom_rw_user_tmp_files',`
-+ gen_require(`
+ ##
+ ##
+ ##
+@@ -2877,12 +3096,12 @@
+ #
+ template(`userdom_rw_user_tmp_files',`
+ gen_require(`
+- type $1_tmp_t;
+ type user_tmp_t;
')
@@ -675280,7 +675594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2914,10 +3106,10 @@
+@@ -2914,10 +3133,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@@ -675293,7 +675607,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2949,12 +3141,12 @@
+@@ -2949,12 +3168,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@@ -675309,7 +675623,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2986,11 +3178,11 @@
+@@ -2986,11 +3205,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@@ -675323,7 +675637,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3022,11 +3214,11 @@
+@@ -3022,11 +3241,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@@ -675337,7 +675651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3058,11 +3250,11 @@
+@@ -3058,11 +3277,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@@ -675351,7 +675665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3094,11 +3286,11 @@
+@@ -3094,11 +3313,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@@ -675365,7 +675679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3130,11 +3322,11 @@
+@@ -3130,11 +3349,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@@ -675379,7 +675693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3179,10 +3371,10 @@
+@@ -3179,10 +3398,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@@ -675392,7 +675706,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_tmp($2)
')
-@@ -3223,10 +3415,10 @@
+@@ -3223,10 +3442,10 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -675405,7 +675719,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3254,6 +3446,42 @@
+@@ -3254,6 +3473,42 @@
##
##
#
@@ -675448,7 +675762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
type $1_tmpfs_t;
-@@ -3267,6 +3495,42 @@
+@@ -3267,6 +3522,42 @@
########################################
##
@@ -675491,7 +675805,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## List users untrusted directories.
##
##
-@@ -3962,6 +4226,24 @@
+@@ -3962,6 +4253,24 @@
########################################
##
@@ -675516,7 +675830,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Manage unpriviledged user SysV shared
## memory segments.
##
-@@ -4231,11 +4513,11 @@
+@@ -4231,11 +4540,11 @@
#
interface(`userdom_search_staff_home_dirs',`
gen_require(`
@@ -675530,7 +675844,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4251,10 +4533,10 @@
+@@ -4251,10 +4560,10 @@
#
interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
@@ -675543,7 +675857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4270,11 +4552,11 @@
+@@ -4270,11 +4579,11 @@
#
interface(`userdom_manage_staff_home_dirs',`
gen_require(`
@@ -675557,7 +675871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4289,16 +4571,16 @@
+@@ -4289,16 +4598,16 @@
#
interface(`userdom_relabelto_staff_home_dirs',`
gen_require(`
@@ -675577,7 +675891,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## users home directory.
##
##
-@@ -4307,12 +4589,54 @@
+@@ -4307,12 +4616,54 @@
##
##
#
@@ -675635,7 +675949,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4327,13 +4651,13 @@
+@@ -4327,13 +4678,13 @@
#
interface(`userdom_read_staff_home_content_files',`
gen_require(`
@@ -675653,7 +675967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4531,10 +4855,10 @@
+@@ -4531,10 +4882,10 @@
#
interface(`userdom_getattr_sysadm_home_dirs',`
gen_require(`
@@ -675666,7 +675980,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4551,10 +4875,10 @@
+@@ -4551,10 +4902,10 @@
#
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
gen_require(`
@@ -675679,7 +675993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4569,10 +4893,10 @@
+@@ -4569,10 +4920,10 @@
#
interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
@@ -675692,7 +676006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4588,10 +4912,10 @@
+@@ -4588,10 +4939,10 @@
#
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
gen_require(`
@@ -675705,7 +676019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4606,10 +4930,10 @@
+@@ -4606,10 +4957,10 @@
#
interface(`userdom_list_sysadm_home_dirs',`
gen_require(`
@@ -675718,7 +676032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4625,10 +4949,10 @@
+@@ -4625,10 +4976,10 @@
#
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
gen_require(`
@@ -675731,14 +676045,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4644,12 +4968,29 @@
+@@ -4644,12 +4995,29 @@
#
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
gen_require(`
- type sysadm_home_dir_t, sysadm_home_t;
+ type admin_home_t;
-+ ')
-+
+ ')
+
+- dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
+- dontaudit $1 sysadm_home_t:dir search_dir_perms;
+- dontaudit $1 sysadm_home_t:file read_file_perms;
+ dontaudit $1 admin_home_t:dir search_dir_perms;
+ dontaudit $1 admin_home_t:file read_file_perms;
+')
@@ -675756,16 +676073,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+interface(`userdom_dontaudit_read_sysadm_home_sym_links',`
+ gen_require(`
+ type admin_home_t;
- ')
-
-- dontaudit $1 sysadm_home_dir_t:dir search_dir_perms;
-- dontaudit $1 sysadm_home_t:dir search_dir_perms;
-- dontaudit $1 sysadm_home_t:file read_file_perms;
++ ')
++
+ dontaudit $1 admin_home_t:lnk_file read_lnk_file_perms;
')
########################################
-@@ -4676,10 +5017,10 @@
+@@ -4676,10 +5044,10 @@
#
interface(`userdom_sysadm_home_dir_filetrans',`
gen_require(`
@@ -675778,7 +676092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4694,10 +5035,10 @@
+@@ -4694,10 +5062,10 @@
#
interface(`userdom_search_sysadm_home_content_dirs',`
gen_require(`
@@ -675791,7 +676105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4712,13 +5053,13 @@
+@@ -4712,13 +5080,13 @@
#
interface(`userdom_read_sysadm_home_content_files',`
gen_require(`
@@ -675809,7 +676123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4754,11 +5095,49 @@
+@@ -4754,11 +5122,49 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -675860,7 +676174,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4778,6 +5157,14 @@
+@@ -4778,6 +5184,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -675875,7 +676189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4815,6 +5202,8 @@
+@@ -4815,6 +5229,8 @@
')
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -675884,7 +676198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -4839,7 +5228,7 @@
+@@ -4839,7 +5255,7 @@
########################################
##
@@ -675893,7 +676207,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## in all users home directories.
##
##
-@@ -4848,18 +5237,18 @@
+@@ -4848,18 +5264,18 @@
##
##
#
@@ -675915,7 +676229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## in all users home directories.
##
##
-@@ -4868,18 +5257,18 @@
+@@ -4868,18 +5284,18 @@
##
##
#
@@ -675937,7 +676251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## in all users home directories.
##
##
-@@ -4888,19 +5277,78 @@
+@@ -4888,12 +5304,71 @@
##
##
#
@@ -675948,14 +676262,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
- files_list_home($1)
-- manage_lnk_files_pattern($1,home_type,home_type)
+ delete_files_pattern($1,home_type,home_type)
- ')
-
- ########################################
- ##
--## Make the specified domain a privileged
--## home directory manager.
++')
++
++########################################
++##
+## Create, read, write, and delete all files
+## in all users home directories.
+##
@@ -676011,17 +676322,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ ')
+
+ files_list_home($1)
-+ manage_lnk_files_pattern($1,home_type,home_type)
-+')
-+
-+########################################
-+##
-+## Make the specified domain a privileged
-+## home directory manager.
- ##
- ##
- ##
-@@ -5115,7 +5563,7 @@
+ manage_lnk_files_pattern($1,home_type,home_type)
+ ')
+
+@@ -5115,7 +5590,7 @@
#
interface(`userdom_relabelto_generic_user_home_dirs',`
gen_require(`
@@ -676030,7 +676334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
files_search_home($1)
-@@ -5304,6 +5752,63 @@
+@@ -5304,6 +5779,63 @@
########################################
##
@@ -676094,7 +676398,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete directories in
## unprivileged users home directories.
##
-@@ -5509,6 +6014,43 @@
+@@ -5509,6 +6041,43 @@
########################################
##
@@ -676138,7 +676442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Read and write unprivileged user ttys.
##
##
-@@ -5559,7 +6101,7 @@
+@@ -5559,7 +6128,7 @@
attribute userdomain;
')
@@ -676147,7 +676451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_search_proc($1)
')
-@@ -5674,6 +6216,42 @@
+@@ -5674,6 +6243,42 @@
########################################
##
@@ -676190,7 +676494,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a dbus message to all user domains.
##
##
-@@ -5704,3 +6282,408 @@
+@@ -5704,3 +6309,408 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -676601,7 +676905,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.3.1/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.te 2009-02-04 10:54:48.000000000 +0100
@@ -2,12 +2,7 @@
policy_module(userdomain,2.5.0)
@@ -676927,7 +677231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.3.1/policy/modules/system/virt.fc
--- nsaserefpolicy/policy/modules/system/virt.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,13 @@
+
+/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
@@ -676944,7 +677248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.f
+/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if
--- nsaserefpolicy/policy/modules/system/virt.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,343 @@
+
+## policy for virt
@@ -677291,7 +677595,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
--- nsaserefpolicy/policy/modules/system/virt.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,204 @@
+
+policy_module(virt,1.0.0)
@@ -677499,7 +677803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.if 2009-02-04 10:54:48.000000000 +0100
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -677543,7 +677847,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.3.1/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.te 2009-02-04 10:54:48.000000000 +0100
@@ -6,6 +6,13 @@
# Declarations
#
@@ -677753,17 +678057,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.fc serefpolicy-3.3.1/policy/modules/users/auditadm.fc
--- nsaserefpolicy/policy/modules/users/auditadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No auditadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.if serefpolicy-3.3.1/policy/modules/users/auditadm.if
--- nsaserefpolicy/policy/modules/users/auditadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for auditadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.te serefpolicy-3.3.1/policy/modules/users/auditadm.te
--- nsaserefpolicy/policy/modules/users/auditadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,25 @@
+policy_module(auditadm,1.0.1)
+gen_require(`
@@ -677792,17 +678096,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditad
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.3.1/policy/modules/users/guest.fc
--- nsaserefpolicy/policy/modules/users/guest.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No guest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.3.1/policy/modules/users/guest.if
--- nsaserefpolicy/policy/modules/users/guest.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for guest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.3.1/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,33 @@
+policy_module(guest,1.0.1)
+userdom_restricted_user_template(guest)
@@ -677839,17 +678143,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.3.1/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.3.1/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for logadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.3.1/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,11 @@
+policy_module(logadm,1.0.0)
+
@@ -677864,22 +678168,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.3.1/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/metadata.xml 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/metadata.xml 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+Policy modules for users
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.3.1/policy/modules/users/secadm.fc
--- nsaserefpolicy/policy/modules/users/secadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No secadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.3.1/policy/modules/users/secadm.if
--- nsaserefpolicy/policy/modules/users/secadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for secadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.3.1/policy/modules/users/secadm.te
--- nsaserefpolicy/policy/modules/users/secadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,39 @@
+policy_module(secadm,1.0.1)
+gen_require(`
@@ -677922,17 +678226,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.3.1/policy/modules/users/staff.fc
--- nsaserefpolicy/policy/modules/users/staff.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No staff file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.3.1/policy/modules/users/staff.if
--- nsaserefpolicy/policy/modules/users/staff.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for staff user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.3.1/policy/modules/users/staff.te
--- nsaserefpolicy/policy/modules/users/staff.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,30 @@
+policy_module(staff,1.0.1)
+userdom_admin_login_user_template(staff)
@@ -677966,17 +678270,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.3.1/policy/modules/users/user.fc
--- nsaserefpolicy/policy/modules/users/user.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No user file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.3.1/policy/modules/users/user.if
--- nsaserefpolicy/policy/modules/users/user.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for user user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.3.1/policy/modules/users/user.te
--- nsaserefpolicy/policy/modules/users/user.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,18 @@
+policy_module(user,1.0.1)
+userdom_unpriv_user_template(user)
@@ -677998,17 +678302,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.3.1/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No webadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.3.1/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for webadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.3.1/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,41 @@
+policy_module(webadm,1.0.0)
+
@@ -678053,17 +678357,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.
+userdom_role_change_template(staff, webadm)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.3.1/policy/modules/users/xguest.fc
--- nsaserefpolicy/policy/modules/users/xguest.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.fc 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.fc 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+# No xguest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.3.1/policy/modules/users/xguest.if
--- nsaserefpolicy/policy/modules/users/xguest.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.if 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.if 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1 @@
+## Policy for xguest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.3.1/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.te 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.te 2009-02-04 10:54:48.000000000 +0100
@@ -0,0 +1,69 @@
+policy_module(xguest,1.0.1)
+
@@ -678136,7 +678440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.3.1/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/file_patterns.spt 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/file_patterns.spt 2009-02-04 10:54:48.000000000 +0100
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -678163,7 +678467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.3.1/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt 2009-02-04 10:54:48.000000000 +0100
@@ -193,7 +193,7 @@
define(`create_dir_perms',`{ getattr create }')
define(`rename_dir_perms',`{ getattr rename }')
@@ -678243,7 +678547,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3.1/policy/users
--- nsaserefpolicy/policy/users 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/users 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/policy/users 2009-02-04 10:54:48.000000000 +0100
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -678279,7 +678583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.3.1/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.modular 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/Rules.modular 2009-02-04 10:54:48.000000000 +0100
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -678311,7 +678615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.3.1/Rules.monolithic
--- nsaserefpolicy/Rules.monolithic 2008-02-26 14:23:13.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.monolithic 2009-01-30 11:10:05.000000000 +0100
++++ serefpolicy-3.3.1/Rules.monolithic 2009-02-04 10:54:48.000000000 +0100
@@ -96,7 +96,7 @@
#
# Load the binary policy
diff --git a/selinux-policy.spec b/selinux-policy.spec
index bdc207f..730ff99 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 120%{?dist}
+Release: 121%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
%endif
%changelog
+* Wed Feb 4 2009 Miroslav Grepl 3.3.1-121
+- Add milter policy
+
* Fri Jan 30 2009 Miroslav Grepl 3.3.1-120
- Fixes in libraries.fc