diff --git a/policy-20071130.patch b/policy-20071130.patch index 078e66a..1c0438c 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -20433,7 +20433,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-09-23 16:14:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2008-09-25 15:15:06.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.9.0) @@ -20524,8 +20524,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw libs_use_ld_so(NetworkManager_t) libs_use_shared_libs(NetworkManager_t) -@@ -109,10 +132,14 @@ +@@ -107,12 +130,17 @@ + # in /etc created by NetworkManager will be labelled net_conf_t. + sysnet_manage_config(NetworkManager_t) sysnet_etc_filetrans_config(NetworkManager_t) ++sysnet_read_dhcp_config(NetworkManager_t) userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t) -userdom_dontaudit_search_sysadm_home_dirs(NetworkManager_t) @@ -20540,7 +20543,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw optional_policy(` bind_domtrans(NetworkManager_t) -@@ -129,21 +156,26 @@ +@@ -129,21 +157,26 @@ ') optional_policy(` @@ -20572,7 +20575,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -152,22 +184,25 @@ +@@ -152,22 +185,25 @@ ') optional_policy(` @@ -33537,7 +33540,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar +/opt/novell/groupwise/client/lib/libgwapijni\.so\.1 -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2008-09-08 11:45:13.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2008-09-26 10:26:45.000000000 -0400 @@ -23,6 +23,9 @@ init_system_domain(ldconfig_t,ldconfig_exec_t) role system_r types ldconfig_t; @@ -33548,7 +33551,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar type ldconfig_tmp_t; files_tmp_file(ldconfig_tmp_t) -@@ -44,9 +47,11 @@ +@@ -39,14 +42,21 @@ + type textrel_shlib_t alias texrel_shlib_t; + files_type(textrel_shlib_t) + ++optional_policy(` ++ postgresql_loadable_module(lib_t) ++ postgresql_loadable_module(textrel_shlib_t) ++') ++ + ######################################## + # # ldconfig local policy # @@ -33562,7 +33575,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar files_etc_filetrans(ldconfig_t,ld_so_cache_t,file) manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t) -@@ -60,8 +65,11 @@ +@@ -60,8 +70,11 @@ fs_getattr_xattr_fs(ldconfig_t) @@ -33574,7 +33587,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar files_search_var_lib(ldconfig_t) files_read_etc_files(ldconfig_t) files_search_tmp(ldconfig_t) -@@ -70,6 +78,7 @@ +@@ -70,6 +83,7 @@ files_delete_etc_files(ldconfig_t) init_use_script_ptys(ldconfig_t) @@ -33582,7 +33595,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar libs_use_ld_so(ldconfig_t) libs_use_shared_libs(ldconfig_t) -@@ -86,6 +95,10 @@ +@@ -86,6 +100,10 @@ ') ') @@ -33593,7 +33606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ifdef(`hide_broken_symptoms',` optional_policy(` unconfined_dontaudit_rw_tcp_sockets(ldconfig_t) -@@ -102,4 +115,10 @@ +@@ -102,4 +120,10 @@ # and executes ldconfig on it. If you dont allow this kernel installs # blow up. rpm_manage_script_tmp_files(ldconfig_t)