+## abstract Machine Test Utility
@@ -552,8 +552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if
+ allow amtu_t $3:chr_file rw_term_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.4/policy/modules/admin/amtu.te
---- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/amtu.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2008-02-24 19:06:48.000000000 +0100
@@ -0,0 +1,57 @@
+policy_module(amtu,1.0.23)
+
@@ -613,8 +613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te
+');
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.4/policy/modules/admin/bootloader.te
---- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2008-02-24 19:06:48.000000000 +0100
@@ -65,6 +65,8 @@
files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
@@ -633,8 +633,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.4/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2008-02-24 19:06:48.000000000 +0100
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -678,8 +678,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.4/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2008-02-24 19:06:48.000000000 +0100
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -689,8 +689,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmidecode.te serefpolicy-2.6.4/policy/modules/admin/dmidecode.te
---- nsaserefpolicy/policy/modules/admin/dmidecode.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/dmidecode.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/dmidecode.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/dmidecode.te 2008-02-24 19:06:48.000000000 +0100
@@ -22,6 +22,7 @@
# Allow dmidecode to read /dev/mem
@@ -700,8 +700,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmideco
mls_file_read_up(dmidecode_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.4/policy/modules/admin/kudzu.te
---- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2008-02-24 19:06:48.000000000 +0100
@@ -21,8 +21,8 @@
# Local policy
#
@@ -723,8 +723,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
# the inittab after configuring serial consoles
init_telinit(kudzu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.4/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2008-02-24 19:06:48.000000000 +0100
@@ -75,6 +75,7 @@
mls_file_read_up(logrotate_t)
mls_file_write_down(logrotate_t)
@@ -734,8 +734,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
selinux_get_fs_mount(logrotate_t)
selinux_get_enforce_mode(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.4/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2008-02-24 19:06:48.000000000 +0100
@@ -30,7 +30,6 @@
allow logwatch_t self:process signal;
allow logwatch_t self:fifo_file rw_file_perms;
@@ -805,8 +805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
+ samba_read_share_files(logwatch_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2008-02-24 19:06:48.000000000 +0100
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -824,8 +824,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
corenet_tcp_sendrecv_all_ports(ping_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2008-02-24 19:06:48.000000000 +0100
@@ -26,7 +26,7 @@
# Local policy
#
@@ -872,8 +872,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
miscfiles_read_localization(prelink_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.4/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2008-02-24 19:06:48.000000000 +0100
@@ -18,7 +18,8 @@
# Local policy
#
@@ -902,8 +902,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
+ logging_dontaudit_search_audit_config(readahead_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.6.4/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2008-02-24 19:06:48.000000000 +0100
@@ -21,6 +21,9 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -915,8 +915,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2008-02-24 19:06:48.000000000 +0100
@@ -211,6 +211,24 @@
########################################
@@ -1095,8 +1095,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+ dontaudit $1 rpm_t:fifo_file rw_fifo_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.6.4/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2008-02-24 19:06:48.000000000 +0100
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -1107,8 +1107,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
domain_role_change_exemption(rpm_t)
domain_system_change_exemption(rpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-2.6.4/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2008-02-24 19:06:48.000000000 +0100
@@ -69,7 +69,6 @@
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
allow $1_sudo_t self:unix_dgram_socket sendto;
@@ -1156,8 +1156,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.6.4/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/su.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/su.if 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/su.if 2008-02-24 19:06:48.000000000 +0100
@@ -41,12 +41,11 @@
allow $2 $1_su_t:process signal;
@@ -1232,8 +1232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
allow $1_su_t $1_home_t:file manage_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-2.6.4/policy/modules/admin/usermanage.if
---- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2008-02-24 19:06:48.000000000 +0100
@@ -278,5 +278,5 @@
type crack_db_t;
')
@@ -1242,8 +1242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
+ read_files_pattern($1,crack_db_t,crack_db_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.6.4/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2008-02-24 19:11:07.000000000 +0100
@@ -99,6 +99,7 @@
dev_read_urand(chfn_t)
@@ -1277,7 +1277,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
miscfiles_read_localization(groupadd_t)
-@@ -252,8 +253,13 @@
+@@ -243,17 +244,26 @@
+ seutil_read_config(groupadd_t)
+
+ userdom_use_unpriv_users_fds(groupadd_t)
++
+ # for when /root is the cwd
+ userdom_dontaudit_search_sysadm_home_dirs(groupadd_t)
+
++# for /home/[^/]*/
++userdom_dontaudit_search_all_users_home_content(groupadd_t)
++
+ optional_policy(`
+ dpkg_use_fds(groupadd_t)
+ dpkg_rw_pipes(groupadd_t)
')
optional_policy(`
@@ -1291,7 +1304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
########################################
-@@ -261,7 +267,7 @@
+@@ -261,7 +271,7 @@
# Passwd local policy
#
@@ -1300,7 +1313,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
allow passwd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow passwd_t self:process { setrlimit setfscreate };
allow passwd_t self:fd use;
-@@ -271,7 +277,6 @@
+@@ -271,7 +281,6 @@
allow passwd_t self:unix_stream_socket create_stream_socket_perms;
allow passwd_t self:unix_dgram_socket sendto;
allow passwd_t self:unix_stream_socket connectto;
@@ -1308,7 +1321,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
allow passwd_t self:shm create_shm_perms;
allow passwd_t self:sem create_sem_perms;
allow passwd_t self:msgq create_msgq_perms;
-@@ -324,6 +329,7 @@
+@@ -324,6 +333,7 @@
libs_use_shared_libs(passwd_t)
logging_send_syslog_msg(passwd_t)
@@ -1316,7 +1329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
miscfiles_read_localization(passwd_t)
-@@ -343,6 +349,7 @@
+@@ -343,6 +353,7 @@
optional_policy(`
nscd_socket_use(passwd_t)
@@ -1324,7 +1337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
########################################
-@@ -396,6 +403,8 @@
+@@ -396,6 +407,8 @@
auth_relabel_shadow(sysadm_passwd_t)
auth_etc_filetrans_shadow(sysadm_passwd_t)
@@ -1333,7 +1346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
# allow vipw to exec the editor
corecmd_exec_bin(sysadm_passwd_t)
corecmd_exec_shell(sysadm_passwd_t)
-@@ -412,6 +421,7 @@
+@@ -412,6 +425,7 @@
# /usr/bin/passwd asks for w access to utmp, but it will operate
# correctly without it. Do not audit write denials to utmp.
init_dontaudit_rw_utmp(sysadm_passwd_t)
@@ -1341,7 +1354,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
libs_use_ld_so(sysadm_passwd_t)
libs_use_shared_libs(sysadm_passwd_t)
-@@ -433,6 +443,7 @@
+@@ -433,6 +447,7 @@
optional_policy(`
nscd_socket_use(sysadm_passwd_t)
@@ -1349,7 +1362,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
########################################
-@@ -440,7 +451,7 @@
+@@ -440,7 +455,7 @@
# Useradd local policy
#
@@ -1358,7 +1371,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
dontaudit useradd_t self:capability sys_tty_config;
allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow useradd_t self:process setfscreate;
-@@ -454,7 +465,6 @@
+@@ -454,7 +469,6 @@
allow useradd_t self:unix_stream_socket create_stream_socket_perms;
allow useradd_t self:unix_dgram_socket sendto;
allow useradd_t self:unix_stream_socket connectto;
@@ -1366,7 +1379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
# for getting the number of groups
kernel_read_kernel_sysctls(useradd_t)
-@@ -500,6 +510,7 @@
+@@ -500,6 +514,7 @@
libs_use_shared_libs(useradd_t)
logging_send_syslog_msg(useradd_t)
@@ -1374,7 +1387,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
miscfiles_read_localization(useradd_t)
-@@ -508,6 +519,9 @@
+@@ -508,6 +523,9 @@
seutil_read_default_contexts(useradd_t)
seutil_domtrans_semanage(useradd_t)
seutil_domtrans_restorecon(useradd_t)
@@ -1384,7 +1397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
userdom_use_unpriv_users_fds(useradd_t)
# for when /root is the cwd
-@@ -521,11 +535,26 @@
+@@ -521,11 +539,26 @@
mta_manage_spool(useradd_t)
optional_policy(`
@@ -1412,8 +1425,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
+ rpm_dontaudit_rw_tmp_files(useradd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.6.4/policy/modules/admin/vbetool.te
---- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2008-02-24 19:06:48.000000000 +0100
@@ -32,4 +32,5 @@
optional_policy(`
@@ -1421,8 +1434,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
+ hal_write_log(vbetool_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-2.6.4/policy/modules/admin/vpn.fc
---- nsaserefpolicy/policy/modules/admin/vpn.fc 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/vpn.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/vpn.fc 2007-05-07 20:51:05.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/vpn.fc 2008-02-24 19:06:48.000000000 +0100
@@ -7,3 +7,5 @@
# sbin
#
@@ -1430,8 +1443,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc
+
+/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.6.4/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/vpn.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/vpn.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/admin/vpn.te 2008-02-24 19:06:48.000000000 +0100
@@ -24,7 +24,7 @@
# Local policy
#
@@ -1462,8 +1475,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
sysnet_manage_config(vpnc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.6.4/policy/modules/apps/games.fc
---- nsaserefpolicy/policy/modules/apps/games.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/games.fc 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2008-02-24 19:06:48.000000000 +0100
@@ -1,22 +1,16 @@
#
# /usr
@@ -1491,8 +1504,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc
/usr/bin/blackjack -- gen_context(system_u:object_r:games_exec_t,s0)
/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.6.4/policy/modules/apps/gnome.if
---- nsaserefpolicy/policy/modules/apps/gnome.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2008-02-24 19:06:48.000000000 +0100
@@ -35,6 +35,7 @@
template(`gnome_per_role_template',`
gen_require(`
@@ -1547,8 +1560,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
##
## This is a templated interface, and should only
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.6.4/policy/modules/apps/gpg.fc
---- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2008-02-24 19:06:48.000000000 +0100
@@ -7,6 +7,4 @@
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -1557,8 +1570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.6.4/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/java.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/java.fc 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/java.fc 2008-02-24 19:06:48.000000000 +0100
@@ -22,3 +22,5 @@
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -1566,8 +1579,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/usr/lib/eclipse/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.6.4/policy/modules/apps/java.if
---- nsaserefpolicy/policy/modules/apps/java.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/java.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/java.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/java.if 2008-02-24 19:06:48.000000000 +0100
@@ -224,3 +224,35 @@
refpolicywarn(`$0($1) has no effect in strict policy.')
')
@@ -1605,8 +1618,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+ type_transition $1 java_exec_t:process $2;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.6.4/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/java.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/java.te 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/java.te 2008-02-24 19:06:48.000000000 +0100
@@ -31,4 +31,8 @@
unconfined_domain_noaudit(java_t)
@@ -1617,8 +1630,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if
---- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2008-02-24 19:06:48.000000000 +0100
@@ -11,16 +11,12 @@
##
#
@@ -1686,8 +1699,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
+ can_exec($1,loadkeys_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.6.4/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2008-02-24 19:06:48.000000000 +0100
@@ -150,6 +150,7 @@
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
@@ -1697,8 +1710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
dev_read_sound($1_mozilla_t)
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.4/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2008-01-03 10:04:45.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2008-02-24 19:06:48.000000000 +0100
@@ -29,8 +29,11 @@
manage_dirs_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
manage_files_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
@@ -1728,8 +1741,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
libs_use_shared_libs(locate_t)
libs_use_ld_so(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.6.4/policy/modules/apps/uml.if
---- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2008-02-24 19:06:48.000000000 +0100
@@ -193,33 +193,6 @@
nis_use_ypbind($1_uml_t)
')
@@ -1765,8 +1778,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if s
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-2.6.4/policy/modules/apps/userhelper.if
---- nsaserefpolicy/policy/modules/apps/userhelper.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/userhelper.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/userhelper.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/userhelper.if 2008-02-24 19:06:48.000000000 +0100
@@ -131,6 +131,7 @@
term_use_all_user_ptys($1_userhelper_t)
@@ -1776,8 +1789,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
auth_manage_var_auth($1_userhelper_t)
auth_search_pam_console_data($1_userhelper_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-2.6.4/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/vmware.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/apps/vmware.fc 2008-02-24 19:06:48.000000000 +0100
@@ -1,11 +1,9 @@
#
# HOME_DIR/
@@ -1827,8 +1840,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f
ifdef(`distro_gentoo',`
/opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2008-01-16 15:47:56.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2008-02-24 19:06:48.000000000 +0100
@@ -7,6 +7,7 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -1935,8 +1948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.6.4/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2008-02-24 19:06:48.000000000 +0100
@@ -988,3 +988,23 @@
mmap_files_pattern($1,bin_t,exec_type)
@@ -1962,8 +1975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in 2008-02-24 19:06:48.000000000 +0100
@@ -1449,6 +1449,44 @@
########################################
@@ -2072,8 +2085,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2008-02-24 19:06:48.000000000 +0100
@@ -48,6 +48,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -2145,8 +2158,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
portcon udp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2008-02-24 19:06:48.000000000 +0100
@@ -12,6 +12,7 @@
/dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
@@ -2220,8 +2233,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
# used by udev init script as temporary mount point
/lib/udev/devices -d gen_context(system_u:object_r:device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2008-02-24 19:06:48.000000000 +0100
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -2381,8 +2394,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.6.4/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2008-02-24 19:06:48.000000000 +0100
@@ -139,6 +139,12 @@
#
# Type for sound devices and mixers
@@ -2397,8 +2410,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
dev_node(sound_device_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.6.4/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2008-02-24 19:06:48.000000000 +0100
@@ -64,6 +64,7 @@
')
@@ -2453,8 +2466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ typeattribute $1 mmap_low_domain_type;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.6.4/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2008-02-24 19:06:48.000000000 +0100
@@ -6,6 +6,29 @@
# Declarations
#
@@ -2533,8 +2546,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ unconfined_dontaudit_rw_pipes(domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2008-02-24 19:06:48.000000000 +0100
@@ -45,7 +45,6 @@
/etc -d gen_context(system_u:object_r:etc_t,s0)
/etc/.* gen_context(system_u:object_r:etc_t,s0)
@@ -2578,8 +2591,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+/var/run/motd -- gen_context(system_u:object_r:etc_runtime_t,s0)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2008-02-24 19:06:48.000000000 +0100
@@ -343,8 +343,7 @@
########################################
@@ -2930,8 +2943,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ allow $1 root_t:file { create getattr write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/files.te 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2008-02-24 19:06:48.000000000 +0100
@@ -54,6 +54,7 @@
files_type(etc_t)
# compatibility aliases for removed types:
@@ -2941,8 +2954,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
# etc_runtime_t is the type of various
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2008-02-24 19:06:48.000000000 +0100
@@ -1096,6 +1096,24 @@
########################################
@@ -3077,8 +3090,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.4/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2008-02-24 19:06:48.000000000 +0100
@@ -43,6 +43,11 @@
#
# Non-persistent/pseudo filesystems
@@ -3152,8 +3165,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
# tmpfs_t is the type for tmpfs filesystems
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2008-02-24 19:06:48.000000000 +0100
@@ -108,6 +108,24 @@
########################################
@@ -3242,8 +3255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2008-01-11 15:14:54.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2008-02-24 19:06:48.000000000 +0100
@@ -146,6 +146,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -3271,8 +3284,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
allow kern_unconfined kernel_t:system *;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if
---- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2008-02-24 19:06:48.000000000 +0100
@@ -154,6 +154,26 @@
########################################
##
@@ -3301,8 +3314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
##
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.6.4/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-05-07 20:51:02.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2008-02-24 19:06:48.000000000 +0100
@@ -18,6 +18,7 @@
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
@@ -3321,8 +3334,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te
attribute privrangetrans;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.6.4/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2008-01-02 11:27:47.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-05-07 20:51:04.000000000 +0200
++++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2008-02-24 19:06:48.000000000 +0100
@@ -51,6 +51,44 @@
########################################
@@ -3369,8 +3382,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
##
##